>> CVS Remote Buffer Overflow and Denial of Service Vulnerabilities
Title : CVS Remote Buffer Overflow and Denial of Service Vulnerabilities VUPEN ID : VUPEN/ADV-2005-0364 CVE ID : CVE-2005-0753 CWE ID : CWE-
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-04-19
Technical Description
Multiple vulnerabilities were identified in Concurrent Versions System (CVS), which may be exploited by remote attackers to execute arbitrary commands or conduct denial of service attacks. The first flaw is due to an unspecified buffer overflow error, which may be exploited to compromise a vulnerable system. The second vulnerability is due to a NULL pointer dereference, which may be exploited to cause a denial of service (DoS). The third issue resides in the contributed Perl scripts, which may be exploited by a remote attacker to execute arbitrary commands (exploitation requires that the attacker has commit access and one of the contrib scripts has been installed improperly).
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
