FreeBSD : cvs -- numerous vulnerabilities (d2102505-f03d-11d8-81b0-000347a4fa7d)

Critical Nessus Plugin ID 37427


The remote FreeBSD host is missing a security-related update.


A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price.

- Insufficient input validation while processing 'Entry' lines.

- A double-free resulting from erroneous state handling while processing 'Argumentx' commands. (CVE-2004-0416)

- Integer overflow while processing 'Max-dotdot' commands.

- Erroneous handling of empty entries while processing 'Notify' commands. (CVE-2004-0418)

- A format string bug while processing CVS wrappers.

- Single-byte buffer underflows while processing configuration files from CVSROOT.

- Various other integer overflows.

Additionally, iDEFENSE reports that an undocumented command-line flag used in debugging does not perform input validation on the given path names.

CVS servers ('cvs server' or :pserver: modes) are affected by these vulnerabilities. They vary in impact but include information disclosure (the iDEFENSE-reported bug), denial-of-service (CVE-2004-0414, CVE-2004-0416, CVE-2004-0417 and other bugs), or possibly arbitrary code execution (CVE-2004-0418). In very special situations where the attacker may somehow influence the contents of CVS configuration files in CVSROOT, additional attacks may be possible.


Update the affected package.

Plugin Details

Severity: Critical

ID: 37427

File Name: freebsd_pkg_d2102505f03d11d881b0000347a4fa7d.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2009/04/23

Modified: 2016/01/14

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cvs+ipv6, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2004/08/17

Vulnerability Publication Date: 2004/05/20

Reference Information

CVE: CVE-2004-0414, CVE-2004-0416, CVE-2004-0417, CVE-2004-0418, CVE-2004-0778

BID: 10499

OSVDB: 6830, 6831, 6832, 6833, 6834, 6835, 6836, 8977

FreeBSD: SA-04:14.cvs

Secunia: 11817, 12309

CWE: 119