CVE-2004-0417

Published: Aug 6, 2004Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

Affected (29)

Products: Cvs: Cvs · Openpkg: Openpkg · Sgi: Propack · +2 more

Show all products

Cvs: Cvs · Openpkg: Openpkg · Sgi: Propack · Gentoo: Linux · Openbsd: Openbsd

1 product

1 product

1 product

1 product

1 product

Configuration A

25 vulnerable

Vulnerable Software	Affected Versions
Cvs Cvs	Version 1.10.7
Cvs Cvs	Version 1.10.8
Cvs Cvs	Version 1.11.10
Cvs Cvs	Version 1.11.11
Cvs Cvs	Version 1.11.14
Cvs Cvs	Version 1.11.15
Cvs Cvs	Version 1.11.16
Cvs Cvs	Version 1.11.1
Cvs Cvs	Version 1.11.1_p1
Cvs Cvs	Version 1.11.2
Cvs Cvs	Version 1.11.3
Cvs Cvs	Version 1.11.4
Cvs Cvs	Version 1.11.5
Cvs Cvs	Version 1.11.6
Cvs Cvs	Version 1.11
Cvs Cvs	Version 1.12.1
Cvs Cvs	Version 1.12.2
Cvs Cvs	Version 1.12.5
Cvs Cvs	Version 1.12.7
Cvs Cvs	Version 1.12.8
Openpkg Openpkg	All versions
Openpkg Openpkg	Version 1.3
Openpkg Openpkg	Version 2.0
Sgi Propack	Version 2.4
Sgi Propack	Version 3.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Gentoo Linux	Version 1.4
Openbsd Openbsd	All versions
Openbsd Openbsd	Version 3.4
Openbsd Openbsd	Version 3.5

References (20)

ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc (unsafe URL)

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=108716553923643&w=2

Source: cve@mitre.org

http://security.e-matters.de/advisories/092004.html

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200406-06.xml

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2004/dsa-519

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2004:058

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-233.html

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=108716553923643&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.e-matters.de/advisories/092004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200406-06.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2004/dsa-519

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2004:058

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-233.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.