Slackware Advisory SSA:2004-140-01 Cvs Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2004-140-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-140-01

Insight

New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a buffer overflow vulnerability which could allow an attacker to run arbitrary programs on the CVS server. Sites running a CVS server should upgrade to the new CVS package right away. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0396

Severity

Classification

CVE CVE-2004-0396

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2003-266-01 New OpenSSH packages
Slackware Advisory SSA:2004-296-01 gaim
Slackware Advisory SSA:2004-133-01 apache
Slackware Advisory SSA:2004-154-02 PHP local security issue
Slackware Advisory SSA:2004-006-01 Kernel security update

Slackware Advisory SSA:2004-140-01 cvs

Take action and discover your vulnerabilities