This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
Another vulnerability was discovered related to 'Entry' lines in cvs,
by the development team (CVE-2004-0414).
As well, Stefan Esser and Sebastian Krahmer performed an audit on the
cvs source code and discovered a number of other problems, including :
A double-free condition in the server code is exploitable
By sending a large number of arguments to the CVS server, it is
possible to cause it to allocate a huge amount of memory which does
not fit into the address space, causing an error (CVE-2004-0417).
It was found that the serve_notify() function would write data out of
The provided packages update cvs to 1.11.16 and include patches to
correct all of these problems.
Update the affected cvs package.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 14157 (mandrake_MDKSA-2004-058.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now