FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cvs pserver remote heap buffer overflow

Affected packages
5.2 <= FreeBSD < 5.2_7
5.1 <= FreeBSD < 5.1_17
5.0 <= FreeBSD < 5.0_21
4.9 <= FreeBSD < 4.9_8
4.8 <= FreeBSD < 4.8_21
4.0 <= FreeBSD < 4.7_27

Details

VuXML ID f93be979-a992-11d8-aecc-000d610a3b12
Discovery 2004-05-02
Entry 2004-05-19

Due to a programming error in code used to parse data received from the client, malformed data can cause a heap buffer to overflow, allowing the client to overwrite arbitrary portions of the server's memory.

A malicious CVS client can exploit this to run arbitrary code on the server at the privilege level of the CVS server software.

References

CVE Name CVE-2004-0396
FreeBSD Advisory SA-04:10.cvs