CVE-2004-0418

Published: Aug 6, 2004Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

Affected (29)

Products: Cvs: Cvs · Openpkg: Openpkg · Sgi: Propack · +2 more

Show all products

Cvs: Cvs · Openpkg: Openpkg · Sgi: Propack · Gentoo: Linux · Openbsd: Openbsd

1 product

1 product

1 product

1 product

1 product

Configuration A

25 vulnerable

Vulnerable Software	Affected Versions
Cvs Cvs	Version 1.10.7
Cvs Cvs	Version 1.10.8
Cvs Cvs	Version 1.11.10
Cvs Cvs	Version 1.11.11
Cvs Cvs	Version 1.11.14
Cvs Cvs	Version 1.11.15
Cvs Cvs	Version 1.11.16
Cvs Cvs	Version 1.11.1
Cvs Cvs	Version 1.11.1_p1
Cvs Cvs	Version 1.11.2
Cvs Cvs	Version 1.11.3
Cvs Cvs	Version 1.11.4
Cvs Cvs	Version 1.11.5
Cvs Cvs	Version 1.11.6
Cvs Cvs	Version 1.11
Cvs Cvs	Version 1.12.1
Cvs Cvs	Version 1.12.2
Cvs Cvs	Version 1.12.5
Cvs Cvs	Version 1.12.7
Cvs Cvs	Version 1.12.8
Openpkg Openpkg	All versions
Openpkg Openpkg	Version 1.3
Openpkg Openpkg	Version 2.0
Sgi Propack	Version 2.4
Sgi Propack	Version 3.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Gentoo Linux	Version 1.4
Openbsd Openbsd	All versions
Openbsd Openbsd	Version 3.4
Openbsd Openbsd	Version 3.5

References (22)

ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc (unsafe URL)

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc (unsafe URL)

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=108716553923643&w=2

Source: cve@mitre.org

http://security.e-matters.de/advisories/092004.html

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200406-06.xml

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2004/dsa-519

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2004:058

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-233.html

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=108716553923643&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.e-matters.de/advisories/092004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200406-06.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2004/dsa-519

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2004:058

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-233.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.