Boletines de Vulnerabilidades |
Heap Overflow remoto en CVS |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Obtener acceso |
| Dificultad | Principiante |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricant afectat | GNU/Linux |
| Software afectado |
CVS <=1.12.7 CVS <=1.11.15 |
Descripción |
|
|
Se ha descubierto un desbordamiento de búfer (en la zona de heap) en las versiones 1.11.15, 1.12.7 y anteriores de CVS server. La vulnerabilidad reside en el manejo de las líneas "Entry" por parte del servidor CVS. La explotación de esta vulnerabilidad podría permitir a un atacante remoto con acceso al servidor CVS ejecutar código remotamente con los privilegios con que esté corriendo el servidor CVS. |
|
Solución |
|
|
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software CVS CVS 1.12.7 CVS 1.11.15 http://ccvs.cvshome.org/servlets/ProjectDownloadList Red Hat Linux Red Hat Desktop (v. 3) AMD64 cvs-1.11.2-22.x86_64.rpm SRPMS cvs-1.11.2-22.src.rpm i386 cvs-1.11.2-22.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 2.1) SRPMS cvs-1.11.1p1-14.src.rpm i386 cvs-1.11.1p1-14.i386.rpm ia64 cvs-1.11.1p1-14.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 3) AMD64 cvs-1.11.2-22.x86_64.rpm SRPMS cvs-1.11.2-22.src.rpm i386 cvs-1.11.2-22.i386.rpm ia64 cvs-1.11.2-22.ia64.rpm ppc cvs-1.11.2-22.ppc.rpm ppc64 cvs-1.11.2-22.ppc64.rpm s390 cvs-1.11.2-22.s390.rpm s390x cvs-1.11.2-22.s390x.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 2.1) SRPMS cvs-1.11.1p1-14.src.rpm i386 cvs-1.11.1p1-14.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 3) AMD64 cvs-1.11.2-22.x86_64.rpm SRPMS cvs-1.11.2-22.src.rpm i386 cvs-1.11.2-22.i386.rpm ia64 cvs-1.11.2-22.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 2.1) SRPMS cvs-1.11.1p1-14.src.rpm i386 cvs-1.11.1p1-14.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 3) AMD64 cvs-1.11.2-22.x86_64.rpm SRPMS cvs-1.11.2-22.src.rpm i386 cvs-1.11.2-22.i386.rpm ia64 cvs-1.11.2-22.ia64.rpm https://rhn.redhat.com/ Red Hat Linux Advanced Workstation 2.1 Itanium Processor SRPMS cvs-1.11.1p1-14.src.rpm ia64 cvs-1.11.1p1-14.ia64.rpm https://rhn.redhat.com/ Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4.dsc http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4.diff.gz http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_alpha.deb ARM http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_ia64.deb HP Precision http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_sparc.deb Mandrake Linux Mandrakelinux 9.1 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/cvs-1.11.14-0.2.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/cvs-1.11.14-0.2.91mdk.src.rpm PPC ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/cvs-1.11.14-0.2.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/cvs-1.11.14-0.2.91mdk.src.rpm Mandrakelinux 9.2 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/cvs-1.11.14-0.2.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/cvs-1.11.14-0.2.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/cvs-1.11.14-0.2.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/cvs-1.11.14-0.2.92mdk.src.rpm Mandrakelinux 10.0 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/cvs-1.11.14-0.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/cvs-1.11.14-0.2.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/cvs-1.11.14-0.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/cvs-1.11.14-0.2.100mdk.src.rpm Mandrake Corporate Server 2.1 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/cvs-1.11.14-0.2.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/cvs-1.11.14-0.2.C21mdk.src.rpm x86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/cvs-1.11.14-0.2.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/cvs-1.11.14-0.2.C21mdk.src.rpm SuSE Linux SuSE-9.1 Intel i386 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/cvs-1.11.14-24.3.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/cvs-1.11.14-24.3.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/cvs-1.11.14-24.3.src.rpm Opteron x86_64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/cvs-1.11.14-24.3.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/cvs-1.11.14-24.3.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/cvs-1.11.14-24.3.src.rpm SuSE-9.0 Intel i386 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/cvs-1.11.6-81.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/cvs-1.11.6-81.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/cvs-1.11.6-81.src.rpm Opteron x86_64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/cvs-1.11.6-81.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/cvs-1.11.6-81.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/cvs-1.11.6-81.src.rpm SuSE-8.2 Intel i386 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-112.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-112.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/cvs-1.11.5-112.src.rpm SuSE-8.1 Intel i386 ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cvs-1.11.1p1-329.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cvs-1.11.1p1-329.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/cvs-1.11.1p1-329.src.rpm SuSE-8.0 Intel i386 ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/cvs-1.11.1p1-329.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/cvs-1.11.1p1-329.i386.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/cvs-1.11.1p1-329.src.rpm FreeBSD FreeBSD 4.7, 4.8, 4.9, 4.10, 5.0, 5.1, 5.2 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:10/cvs.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:10/cvs.patch.asc OpenBSD OpenBSD 3.5 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch OpenBSD 3.4 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/021_cvs2.patch NetBSD NetBSD 1.6, 1.6.1, 1.6.2, 2.0, 2.0.2 Instalar Parches o actualizar a NetBSD 2.1 o 2.0.3 http://www.netbsd.org |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CAN-2004-0396 |
| BID | |
Recursos adicionales |
|
|
e-matters Security Advisory 07/2004 http://security.e-matters.de/advisories/072004.html Red Hat Security Advisory RHSA-2004:190-14 https://rhn.redhat.com/errata/RHSA-2004-190.html Debian Security Advisory DSA 505-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00105.html Mandrakesoft Security Advisory MDKSA-2004:048 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:048 SuSE Security Advisory SuSE-SA:2004:013 http://www.suse.de/de/security/2004_13_cvs.html FreeBSD Security Advisory FreeBSD-SA-04:10.cvs ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc OpenBSD Security Advisories http://www.openbsd.org/security.html NetBSD Security Advisory 2004-008 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc NetBSD Security Advisory 2005-006 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-006.txt.asc |
|
Histórico de versiones |
||
| Versión | Comentario | Data |
| 1.0 | Aviso emitido | 2004-05-19 |
| 1.1 | Aviso emitido por Debian (505-1). Aviso emitido por Mandrake (MDKSA-2004:048). Aviso emitido por SuSE (SuSE-SA:2004:013). Aviso emitido por FreeBSD (FreeBSD-SA-04:10.cvs). | 2004-05-21 |
| 1.2 | Aviso emitido por OpenBSD | 2004-05-21 |
| 2.0 | Exploit público disponible | 2004-05-24 |
| 2.1 | Aviso emitido por NetBSD (2004-008) | 2004-06-04 |
| 2.2 | Aviso emitido por NetBSD (2005-006) | 2005-11-07 |