CVE-2004-0396

NONE EPSS 99.2%
Published Jun 14, 2004 (22y ago) · Modified Jun 16, 2026 (2w ago)

Description

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism, allows remote attackers to execute arbitrary code via Entry lines.

Threat Intelligence

EPSS Exploit Probability: 99.2% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Affected Products (2)

Vendor  Product  Version  Range
cvs     cvs      1.11     any
cvs     cvs      1.12     any

References (28)

  • ftp.netbsd.org ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc
  • ftp.freebsd.org ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc
  • archives.neohapsis.com http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html
  • cert.uni-stuttgart.de http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html
  • lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html
  • marc.info http://marc.info/?l=bugtraq&m=108498454829020&w=2
  • marc.info http://marc.info/?l=bugtraq&m=108500040719512&w=2
  • marc.info http://marc.info/?l=bugtraq&m=108636445031613&w=2
  • marc.info http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2
  • secunia.com http://secunia.com/advisories/11641
  • secunia.com http://secunia.com/advisories/11647
  • secunia.com http://secunia.com/advisories/11651
  • secunia.com http://secunia.com/advisories/11652
  • secunia.com http://secunia.com/advisories/11674
  • security.e-matters.de http://security.e-matters.de/advisories/072004.html
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200405-12.xml
  • ciac.org http://www.ciac.org/ciac/bulletins/o-147.shtml
  • debian.org http://www.debian.org/security/2004/dsa-505
    Patch, Vendor Advisory
  • kb.cert.org http://www.kb.cert.org/vuls/id/192038
    Patch, Third Party Advisory, US Government Resource
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:048
  • osvdb.org http://www.osvdb.org/6305
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-190.html
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/10384
  • slackware.com http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865
  • us-cert.gov http://www.us-cert.gov/cas/techalerts/TA04-147A.html
    US Government Resource
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/16193
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970

Remediation

  • debian.org http://www.debian.org/security/2004/dsa-505
    Patch, Vendor Advisory
  • kb.cert.org http://www.kb.cert.org/vuls/id/192038
    Patch, Third Party Advisory, US Government Resource
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-190.html
    Patch, Vendor Advisory