The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of CVS

vulnerability CVE-2017-12836

CVS: code execution via ssh

Synthesis of the vulnerability

An attacker can exploit a vulnerability in CVS via ssh, in order to run code.
Impacted products: CVS, Debian, Fedora, openSUSE Leap, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet server.
Creation date: 11/08/2017.
Identifiers: CVE-2017-12836, DLA-1056-1, DSA-3940-1, FEDORA-2017-97eb475d93, FEDORA-2017-e5a78c5ca9, openSUSE-SU-2017:2483-1, USN-3399-1, VIGILANCE-VUL-23510.

Description of the vulnerability

An attacker can exploit a vulnerability in CVS via ssh, in order to run code.

computer vulnerability note CVE-2012-0804

CVS: buffer overflow via proxy_connect

Synthesis of the vulnerability

When the CVS client uses a malicious HTTP proxy, the proxy can trigger a buffer overflow in the client, in order to stop it, or to execute code.
Impacted products: CVS, Debian, Fedora, Mandriva Linux, openSUSE, Solaris, RHEL.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: intranet server.
Creation date: 09/02/2012.
Identifiers: 784141, BID-51943, CERTA-2012-AVI-098, CVE-2012-0804, DSA-2407-1, FEDORA-2012-1383, FEDORA-2012-1400, MDVSA-2012:044, openSUSE-SU-2012:0310-1, RHSA-2012:0321-01, VIGILANCE-VUL-11349.

Description of the vulnerability

The CVS client can be configured to use an HTTP proxy, in order to connect to a remote CVS server.

The proxy_connect() function of the src/client.c file analyzes the HTTP reply of the proxy, which is for example:
  HTTP/1.0 200 OK
  [...]
To do so, it calls the sscanf() function to split the reply into the "HTTP/1.0" string followed by the status code (200 in the example).

However, if the string before the status code is too long, a buffer overflow occurs.

When the CVS client uses a malicious HTTP proxy, the proxy can therefore trigger a buffer overflow in the client, in order to stop it, or to execute code.
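
A bounded way to parse such a proxy reply, as an added example (this is not CVS source code or the vendor patch). The function name `parse_proxy_status` and the 16-byte token buffer are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PROTO_MAX 16 /* assumed size of the protocol-token buffer */

/* Hypothetical helper, not CVS source: parse "HTTP/1.0 200 OK".
 * Returns the status code (100-599), or -1 if malformed or overlong. */
int parse_proxy_status(const char *line)
{
    char proto[PROTO_MAX];
    int used = 0;
    char *end;
    long code;

    /* A bare "%s" would copy the whole first token into proto, however
     * long the proxy made it. "%15s" stores at most 15 bytes plus NUL,
     * and %n records how many input bytes were consumed. */
    if (sscanf(line, "%15s%n", proto, &used) != 1)
        return -1;
    /* A truncated (overlong) token is followed by more token bytes,
     * not by the separating space: reject instead of misparsing. */
    if (line[used] != ' ' || strncmp(proto, "HTTP/", 5) != 0)
        return -1;
    if (!isdigit((unsigned char)line[used + 1]))
        return -1;
    code = strtol(line + used + 1, &end, 10);
    if (code < 100 || code > 599)
        return -1;
    if (*end != ' ' && *end != '\r' && *end != '\n' && *end != '\0')
        return -1;
    return (int)code;
}

int main(void)
{
    /* Constructed sample replies, the last with an overlong first token. */
    const char *samples[] = {
        "HTTP/1.0 200 OK",
        "HTTP/1.1 407 Proxy Authentication Required",
        "HTTP/1.0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 200 OK",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", parse_proxy_status(samples[i]));
    return 0;
}
```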

computer vulnerability CVE-2010-3846

CVS: integer overflow via RCS

Synthesis of the vulnerability

An attacker can upload a malicious RCS file in a CVS repository, in order to execute code on computers of CVS clients.
Impacted products: CVS, Fedora, RHEL.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet server.
Creation date: 29/10/2010.
Identifiers: 642146, BID-44528, CVE-2010-3846, FEDORA-2010-16599, FEDORA-2010-16600, FEDORA-2010-16721, RHSA-2010:0918-01, VIGILANCE-VUL-10085.

Description of the vulnerability

An RCS (Revision Control System) file describes changes which occurred on a file.

When an RCS file is located in a repository and the CVS client does a "checkout" to create a local copy, the CVS client analyzes the RCS file. The rcs.c code then processes changed lines, and stores them in an array. However, the index of this array can overflow, which corrupts the memory.

An attacker can therefore upload a malicious RCS file in a CVS repository, in order to execute code on computers of CVS clients.