Summary
The remote CVS server, according to its version number, might allow an attacker to execute arbitrary commands on the remote system because of a flaw in the handling of malformed Entry lines, which leads to a missing NULL terminator.
Among the issues deemed likely to be exploitable were:
- a double-free relating to the error_prog_name string (CVE-2004-0416)
- an argument integer overflow (CVE-2004-0417)
- out-of-bounds writes in serv_notify (CVE-2004-0418)
Solution
Upgrade to CVS 1.12.9 or 1.11.17
Severity
Classification
- CVE: CVE-2004-0414, CVE-2004-0416, CVE-2004-0417, CVE-2004-0418
- CVSS Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)