Oval Definition:oval:org.mitre.oval:def:1003
Revision Date:2004-08-04Version:3
Title:CVS serve_notify Improper Handling of Empty Data Lines
Description:serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0418
Platform(s):Red Hat Enterprise Linux 3
Product(s):CVS
Definition Synopsis
  • Software section
  • Red Hat Enterprise 3 is installed
  • AND cvs rpm version prior to 1.11.2-24 is installed
  • AND Configuration section
  • /usr/bin/cvs is executable
  • /usr/bin/cvs is executable
  • OR /usr/bin/cvs is executable
  • OR /usr/bin/cvs is executable
  • BACK