FreeBSD : cvs -- numerous vulnerabilities (d2102505-f03d-11d8-81b0-000347a4fa7d)

critical Nessus Plugin ID 37427

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price.

- Insufficient input validation while processing 'Entry' lines. (CVE-2004-0414)

- A double-free resulting from erroneous state handling while processing 'Argumentx' commands. (CVE-2004-0416)

- Integer overflow while processing 'Max-dotdot' commands. (CVE-2004-0417)

- Erroneous handling of empty entries while processing 'Notify' commands. (CVE-2004-0418)

- A format string bug while processing CVS wrappers.

- Single-byte buffer underflows while processing configuration files from CVSROOT.

- Various other integer overflows.

Additionally, iDEFENSE reports that an undocumented command-line flag used in debugging does not perform input validation on the given path names.

CVS servers ('cvs server' or :pserver: modes) are affected by these vulnerabilities. They vary in impact but include information disclosure (the iDEFENSE-reported bug), denial-of-service (CVE-2004-0414, CVE-2004-0416, CVE-2004-0417 and other bugs), or possibly arbitrary code execution (CVE-2004-0418). In very special situations where the attacker may somehow influence the contents of CVS configuration files in CVSROOT, additional attacks may be possible.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?1215cc0e

http://www.nessus.org/u?4b00c0a7

http://www.nessus.org/u?0bc5291b

Plugin Details

Severity: Critical

ID: 37427

File Name: freebsd_pkg_d2102505f03d11d881b0000347a4fa7d.nasl

Version: 1.22

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cvs%2bipv6, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/17/2004

Vulnerability Publication Date: 5/20/2004

Reference Information

CVE: CVE-2004-0414, CVE-2004-0416, CVE-2004-0417, CVE-2004-0418, CVE-2004-0778

BID: 10499

CWE: 119

FreeBSD: SA-04:14.cvs

Secunia: 11817, 12309