APP: CVS Author Name Overflow
This signature detects attempts to exploit a known vulnerability against CVS versions prior to 1.11.20. A successful attack can lead to arbitrary malicious code execution within the context of the CVS server.
Extended Description
CVS is prone to unspecified buffer overflow, memory access vulnerabilities, and a NULL pointer dereference denial of service. It is conjectured that the issues may be leveraged by a remote authenticated user to disclose regions of the CVS process memory, and to corrupt CVS process memory. The two issues combined may lead to a remote attacker reliably executing arbitrary code in the context of the vulnerable process, although this is not confirmed. This BID will be updated as soon as further information is made available.
Affected Products
Freebsd freebsd
Short Name
APP:CVS:CVS-AUTHOR-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Author CVE-2005-0753 CVS Name Overflow bid:13217
Release Date
04/28/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
Port
TCP/514,2401
False Positive
Unknown
Vendors
Red_hat
Conectiva
Suse
Gentoo
Turbolinux
Cvs
Sgi
Peachtree
Freebsd
Ubuntu
Openbsd
Netbsd
Debian
CVSS Score
7.5