APP: CVS Entry Line Tag Heap Overflow

This signature detects attempts to exploit a known vulnerability against Concurrent Versions System (CVS). Because CVS does not handle flag attachments correctly, attackers can send a malicious request to the CVS server to overwrite CVS memory, create a denial-of-service (DoS), or execute arbitrary code. To exploit this vulnerability, the attacker must use a valid login ID and password for the CVS server, but an anonymous, read-only account is sufficient.

Extended Description

CVS is prone to a remote heap overflow vulnerability. This issue presents itself during the handling of user-supplied input for entry lines with 'modified' and 'unchanged' flags. This vulnerability can allow an attacker to overflow a vulnerable buffer on the heap, possibly leading to arbitrary code execution. CVS versions 1.11.15 and prior and CVS feature versions 1.12.7 and prior are prone to this issue. UPDATE: Symantec has confirmed that this vulnerability is being actively exploited in the wild. Administrators are urged to upgrade and block external access to potentially vulnerable servers, if possible.

Affected Products

Cvs cvs

Short Name
APP:CVS:ENTRY-TAG-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2004-0396 CVS Entry Heap Line Overflow Tag bid:10384
Release Date
05/26/2004
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3474
False Positive
Unknown
Vendors

Netbsd

Cvs

Gentoo

CVSS Score

7.5
