CVS: Multiple vulnerabilities — GLSA 200504-16

Several serious vulnerabilities have been found in CVS, which may allow an attacker to remotely compromise a CVS server or cause a DoS.

Affected Packages

dev-util/cvs on all architectures
Affected versions < 1.11.20
Unaffected versions >= 1.11.20

Background

CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server.

Description

Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow (CAN-2005-0753), memory leaks and a NULL pointer dereferencing error. Furthermore when launching trigger scripts CVS includes a user controlled directory.

Impact

An attacker could exploit these vulnerabilities to cause a Denial of Service or execute arbitrary code with the permissions of the CVS pserver or the authenticated user (depending on the connection method used).

Workaround

There is no known workaround at this time.

Resolution

All CVS users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-util/cvs-1.11.20"

References

Release Date
April 18, 2005

Latest Revision
April 22, 2005: 03

Severity
high

Exploitable
remote

Bugzilla entries