CVE-2004-0396
NONE EPSS 99.2%
Published Jun 14, 200422y ago · Modified Jun 16, 20262w ago
Published Jun 14, 2004 22y ago
Last Modified Jun 16, 2026 2w ago
Description
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
Threat Intelligence
EPSS Exploit Probability
99.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 2
References 28
- ftp.netbsd.org ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc
- ftp.freebsd.org ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc
- archives.neohapsis.com http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html
- cert.uni-stuttgart.de http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html
- lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html
- marc.info http://marc.info/?l=bugtraq&m=108498454829020&w=2
- marc.info http://marc.info/?l=bugtraq&m=108500040719512&w=2
- marc.info http://marc.info/?l=bugtraq&m=108636445031613&w=2
- marc.info http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2
- secunia.com http://secunia.com/advisories/11641
- secunia.com http://secunia.com/advisories/11647
- secunia.com http://secunia.com/advisories/11651
- secunia.com http://secunia.com/advisories/11652
- secunia.com http://secunia.com/advisories/11674
- security.e-matters.de http://security.e-matters.de/advisories/072004.html
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200405-12.xml
- ciac.org http://www.ciac.org/ciac/bulletins/o-147.shtml
- debian.org http://www.debian.org/security/2004/dsa-505
- kb.cert.org http://www.kb.cert.org/vuls/id/192038
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:048
- osvdb.org http://www.osvdb.org/6305
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-190.html
- securityfocus.com http://www.securityfocus.com/bid/10384
- slackware.com http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865
- us-cert.gov http://www.us-cert.gov/cas/techalerts/TA04-147A.html
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/16193
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970
Remediation
- debian.org http://www.debian.org/security/2004/dsa-505
- kb.cert.org http://www.kb.cert.org/vuls/id/192038
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-190.html