A local overflow exists in CVS stable and CVS feature. CVS fails to adequately handle configuration files stored in CVSROOT containing empty lines, resulting in a single byte underflow. By providing such a formatted configuration file, an attacker can trigger the issue, resulting in a loss of availability and possibly other effects. It should be noted that only users with the COMMIT privilege can properly exploit this issue. It is further reported that only big-endian architectures (eg, SPARC, as opposed to Intel) should be affected adversely by this problem.

Upgrade to CVS stable 1.11.17, or CVS feature 1.12.9, or higher, as it has been reported to fix this vulnerability. Also, refrain from giving untrusted users COMMIT access to CVS.

• Secunia Advisory ID: 11817 11818 11820 11822 11826 11829 11834 11842 11850 11853 12598 17389
• CVE ID: 2004-0414 (see also: NVD)
• Related OSVDB ID: 6830 6831 6832 6833 6834 6835
• Other Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc http://rhn.redhat.com/errata/RHSA-2004-233.html
  http://security.e-matters.de/advisories/092004.html
  http://www.suse.de/de/security/2004_15_cvs.html
• Vendor Specific Advisory URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-006.txt.asc http://www.debian.org/security/2004/dsa-517
  http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:058
  http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.427370
• Vendor Specific Solution URL: http://www.gentoo.org/security/en/glsa/glsa-200406-06.xml
• Packet Storm: http://www.packetstormsecurity.org/0405-exploits/cvs_linux_freebsd_HEAP.c
  http://www.packetstormsecurity.org/0405-exploits/cvs_solaris_HEAP.c

Unknown or Incomplete