Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
References
Link Providers
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc cve-icon cve-icon
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc cve-icon cve-icon
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html cve-icon cve-icon
http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html cve-icon cve-icon
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=108498454829020&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=108500040719512&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=108636445031613&w=2 cve-icon cve-icon
http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2 cve-icon cve-icon
http://secunia.com/advisories/11641 cve-icon cve-icon
http://secunia.com/advisories/11647 cve-icon cve-icon
http://secunia.com/advisories/11651 cve-icon cve-icon
http://secunia.com/advisories/11652 cve-icon cve-icon
http://secunia.com/advisories/11674 cve-icon cve-icon
http://security.e-matters.de/advisories/072004.html cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200405-12.xml cve-icon cve-icon
http://www.ciac.org/ciac/bulletins/o-147.shtml cve-icon cve-icon
http://www.debian.org/security/2004/dsa-505 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/192038 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2004:048 cve-icon cve-icon
http://www.osvdb.org/6305 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2004-190.html cve-icon cve-icon
http://www.securityfocus.com/bid/10384 cve-icon cve-icon
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA04-147A.html cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/16193 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2004-0396 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2004-0396 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-05-20T04:00:00

Updated: 2024-08-08T00:17:14.626Z

Reserved: 2004-04-13T00:00:00

Link: CVE-2004-0396

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2004-06-14T04:00:00.000

Modified: 2024-11-20T23:48:29.723

Link: CVE-2004-0396

cve-icon Redhat

Severity : Critical

Publid Date: 2004-05-19T00:00:00Z

Links: CVE-2004-0396 - Bugzilla