From: | Kurt Lieber <klieber@g.o> |
---|---|
To: | gentoo-announce@l.g.o |
Cc: | bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com |
Subject: | [gentoo-announce] [ GLSA 200406-06 ] CVS: additional DoS and arbitrary code execution vulnerabilities |
Date: | Thu, 10 Jun 2004 19:56:15 |
Message-Id: | 20040610195625.GU9639@mail.lieber.org |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: CVS: additional DoS and arbitrary code execution vulnerabilities
Date: June 10, 2004
Bugs: #53408
ID: 200406-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several serious new vulnerabilities have been found in CVS, which may
allow an attacker to remotely compromise a CVS server.

Background
==========

CVS (Concurrent Versions System) is an open-source network-transparent
version control system. It contains both a client utility and a server.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /   Vulnerable     /   Unaffected
    -------------------------------------------------------------------
  1  dev-util/cvs      <= 1.11.16-r1      >= 1.11.17

Description
===========

A team audit of the CVS source code performed by Stefan Esser and
Sebastian Krahmer resulted in the discovery of several remotely
exploitable vulnerabilities including:

* no-null-termination of "Entry" lines

* error_prog_name "double-free()"

* Argument integer overflow

* serve_notify() out of bounds writes

Impact
======

An attacker could use these vulnerabilities to cause a Denial of
Service or execute arbitrary code with the permissions of the user
running cvs.

Workaround
==========

There is no known workaround at this time. All users are advised to
upgrade to the latest available version of CVS.

Resolution
==========

All CVS users should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=dev-util/cvs-1.11.17"
    # emerge ">=dev-util/cvs-1.11.17"

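Added example, not part of the Gentoo advisory: a Python check that classifies an installed dev-util/cvs version against the "Affected packages" bounds above, for auditing hosts before and after the upgrade. The function names, host names and sample versions are assumptions made for this example, and the version comparison is a simplified subset of Gentoo's rules.

```python
import re

# Bounds copied from the advisory's "Affected packages" table for dev-util/cvs.
VULNERABLE_MAX = "1.11.16-r1"   # vulnerable:  <= 1.11.16-r1
UNAFFECTED_MIN = "1.11.17"      # unaffected:  >= 1.11.17
# Simplification (assumption): only dotted numbers plus an optional -rN revision
# are accepted; Gentoo's letter and _alpha/_beta/_pre/_rc/_p suffixes are rejected.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(version):
    """Split 'N.N.N[-rR]' into ((N, N, N), R); a missing revision counts as r0."""
    match = _VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unsupported version string: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, int(match.group(2) or 0)


def classify(installed):
    """Return 'vulnerable', 'unaffected' or 'unlisted' for a cvs version."""
    current = parse_version(installed)
    if current <= parse_version(VULNERABLE_MAX):
        return "vulnerable"
    if current >= parse_version(UNAFFECTED_MIN):
        return "unaffected"
    # Between the two bounds (e.g. a later -rN of 1.11.16): the table does not
    # say whether such a revision carries the fix, so it is reported separately.
    return "unlisted"


def audit(inventory):
    """Map host -> classification; unparsable versions are flagged, not skipped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report


if __name__ == "__main__":
    # Constructed inventory: host names and versions are made up for the example.
    sample = {"build01": "1.11.16-r1", "scm01": "1.11.17", "dev02": "1.11.9",
              "lab03": "1.11.16-r2", "old04": "1.12_beta1"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Components are compared as integers, so 1.11.9 sorts below 1.11.16 and is reported as vulnerable; a plain string comparison would get that case wrong.
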
References
==========

[ 1 ] E-matters Advisory 09/2004
      http://security.e-matters.de/advisories/092004.html
[ 2 ] CAN-2004-0414
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0414
[ 3 ] CAN-2004-0416
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416
[ 4 ] CAN-2004-0417
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0417
[ 5 ] CAN-2004-0418
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0418

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200406-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Technologies, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0