CVE-2004-0416

Published: 06/08/2004 Updated: 03/05/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Double free vulnerability for the error_prog_name string in CVS 1.12.x up to and including 1.12.8, and 1.11.x up to and including 1.11.16, may allow remote malicious users to execute arbitrary code.

Vulnerable Product

cvs cvs 1.10.7

cvs cvs 1.10.8

cvs cvs 1.11

cvs cvs 1.11.16

cvs cvs 1.11.2

cvs cvs 1.12.5

cvs cvs 1.12.7

cvs cvs 1.11.10

cvs cvs 1.11.11

cvs cvs 1.11.5

cvs cvs 1.11.6

openpkg openpkg 1.3

openpkg openpkg 2.0

cvs cvs 1.11.14

cvs cvs 1.11.15

cvs cvs 1.12.1

cvs cvs 1.12.2

sgi propack 2.4

sgi propack 3.0

cvs cvs 1.11.1

cvs cvs 1.11.1_p1

cvs cvs 1.11.3

cvs cvs 1.11.4

cvs cvs 1.12.8

openpkg openpkg

gentoo linux 1.4

openbsd openbsd

openbsd openbsd 3.4

openbsd openbsd 3.5

Vendor Advisories

Synopsis: cvs security update
Type/Severity: Security Advisory: Critical
Topic: An updated cvs package that fixes several server vulnerabilities, which could be exploited by a malicious client, is now available.
Description: CVS is a version control system frequently used to manage source code re ...

Exploits

/* Remote CVS <= 1.11.15 exploit for the error_prog_name double free vuln
 *
 * by Gyan Chawdhary, gunnu45@hotmail.com
 *
 * Vulnerability Description:
 *
 * The Vulnerability lies in the serve_argumentx function. The Argumentx command
 * parameter is used to append data to a previously supplied Argument command.
 * These data pointers are st ...