CVS < 1.11.17 / 1.12.9 Multiple Vulnerabilities
High Nessus Plugin ID 12265
Synopsis
The remote CVS server is affected by multiple issues.
Description
The remote CVS server, according to its version number, might allow an attacker to execute arbitrary commands on the remote system because of a flaw relating to malformed Entry lines which lead to a missing NULL terminator.
Among the issues deemed likely to be exploitable were:
- A double-free relating to the error_prog_name string. (CVE-2004-0416)
- An argument integer overflow. (CVE-2004-0417)
- Out-of-bounds writes in serv_notify. (CVE-2004-0418)
Solution
Upgrade to CVS 1.12.9 or 1.11.17.