Test ID:	1.3.6.1.4.1.25623.1.0.50539
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2004:058 (cvs)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to cvs announced via advisory MDKSA-2004:058. Another vulnerability was discovered related to Entry lines in cvs, by the development team (CVE-2004-0414). As well, Stefan Esser and Sebastian Krahmer performed an audit on the cvs source code and discovered a number of other problems, including: A double-free condition in the server code is exploitable (CVE-2004-0416). By sending a large number of arguments to the CVS server, it is possible to cause it to allocate a huge amount of memory which does not fit into the address space, causing an error (CVE-2004-0417). It was found that the serve_notify() function would write data out of bounds (CVE-2004-0418). The provided packages update cvs to 1.11.16 and include patches to correct all of these problems. Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:058 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0418 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0414 Bugtraq: 20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs) (Google Search) http://marc.info/?l=bugtraq&m=108716553923643&w=2 Debian Security Information: DSA-517 (Google Search) http://www.debian.org/security/2004/dsa-517 http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:058 http://security.e-matters.de/advisories/092004.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993 http://www.redhat.com/support/errata/RHSA-2004-233.html SGI Security Advisory: 20040604-01-U ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc SGI Security Advisory: 20040605-01-U ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc SuSE Security Announcement: SuSE-SA:2004:015 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2004-0416 Debian Security Information: DSA-519 (Google Search) http://www.debian.org/security/2004/dsa-519 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994 Common Vulnerability Exposure (CVE) ID: CVE-2004-0417 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145 Common Vulnerability Exposure (CVE) ID: CVE-2004-0418 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.