Release Date: Sep 16, 2011
Severity: high
Impact: System compromise: Remote code execution.
Description: This indicates an attempt to exploit a vulnerability in Concurrent Versions System (CVS) servers. The issue exists due to insufficient boundary checks by the application. A remote attacker can cause a heap overflow in the code that decides if a CVS entry line should have a "modified" or "unchanged" flag set. As a result, the attacker may be able to execute arbitrary code on the system.
Affected Products: CVS version 1.12.7 and earlier.
Recommended Actions: Update to CVS version 1.12. or newer.
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2004-0396
Reference/s: http://www.securityfocus.com/bid/10384 (BugTraq)