CVS malformed directory name "double free" memory corruption

cvs-doublefree-memory-corruption (11108) The risk level is classified as High Risk

Description:

CVS (Concurrent Versions System) could allow a remote attacker to cause dynamically allocated memory segments to be released twice. A remote attacker could send a malformed directory request to the system to cause the corruption of internal memory segments, which could result in a memory leak, denial of service, or execution of arbitrary code. On systems that are configured to allow anonymous read-only access to the CVS repository, an attacker could use the information leaked to determine the address of some strings that are required for the read/write access checks, which could allow the attacker to use the Checkin-prog or Update-prog command to bypass write access restrictions and execute arbitrary shell commands on the server.
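
The failure mode described above, reduced to a constructed C illustration (added here; it is not CVS source and not part of the advisory): a handler frees a buffer that persists across requests, rejects a malformed directory name without clearing the pointer, and releases the same address again on the next request. The function names, the trailing-slash rejection rule and the sample paths are assumptions; `tracked_free` counts the repeated release instead of performing it, so the program runs safely.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the bug class; not CVS source. Names are hypothetical. */
static char *dir_name;        /* buffer that outlives a single request */
static uintptr_t last_freed;  /* address most recently released */
static int double_frees;      /* releases of an already released address */

/* Stand-in for free(): counts a repeated release instead of performing it. */
static void tracked_free(void *p) {
    if (p == NULL) return;                          /* free(NULL) is a no-op */
    if ((uintptr_t)p == last_freed) { double_frees++; return; }
    last_freed = (uintptr_t)p;
    free(p);
}

static char *tracked_dup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p == NULL) return NULL;
    strcpy(p, s);
    if ((uintptr_t)p == last_freed) last_freed = 0; /* address reused, live again */
    return p;
}

/* Returns 0 if the name is accepted, -1 if it is rejected as malformed. */
static int handle_directory(const char *name, int hardened) {
    size_t n = strlen(name);
    tracked_free(dir_name);                /* drop the previous request's buffer */
    if (hardened) dir_name = NULL;         /* fix: never keep a freed pointer */
    if (n == 0 || name[n - 1] == '/')      /* assumed rejection rule for the demo */
        return -1;                         /* unhardened: dir_name now dangles */
    dir_name = tracked_dup(name);
    return 0;
}

/* Replays valid, malformed, valid requests; returns the double-free count. */
int run_requests(int hardened) {
    dir_name = NULL; last_freed = 0; double_frees = 0;
    handle_directory("module/src", hardened);
    handle_directory("module/src/", hardened);   /* constructed malformed name */
    handle_directory("module/doc", hardened);
    tracked_free(dir_name); dir_name = NULL;
    return double_frees;
}

int main(void) {
    printf("unhardened: %d double free(s)\n", run_requests(0));
    printf("hardened:   %d double free(s)\n", run_requests(1));
    return 0;
}
```

Clearing the pointer immediately after the release is what turns the second call into a harmless `free(NULL)`; the error path itself does not need to change.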


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of CVS (1.11.5 or later), available from the CVS Web site. See References.

For Red Hat Linux:
Upgrade to the latest CVS packages, as listed below. Refer to RHSA-2003:012-09 for more information. See References.

Red Hat Linux 6.2: 1.11.1p1-8.6 or later
Red Hat Linux 7.0, 7.1, 7.2, and 7.3: 1.11.1p1-8.7 or later
Red Hat Linux 8.0: 1.11.2-8 or later

For OpenPKG:
Upgrade to the latest cvs package, as listed below. Refer to OpenPKG Security Advisory OpenPKG-SA-2003.004 for more information. See References.

OpenPKG Current: 1.11.5-20030121 or later
OpenPKG 1.0: 1.11.1p1-1.0.2 or later
OpenPKG 1.1: 1.11.2-1.1.1 or later

For Debian GNU/Linux:
Upgrade to the latest cvs package, as listed below. Refer to DSA-233-1 for more information. See References.

Debian GNU/Linux 2.2 (potato): 1.10.7-9.2 or later
Debian GNU/Linux 3.0 (woody): 1.11.1p1debian-8.1 or later

For Gentoo Linux:
Upgrade to the latest version (cvs-1.11.5r or later), as listed in Gentoo Linux Security Announcement 200301-12. See References.

For Slackware Linux:
Upgrade to the latest cvs package, as listed below. Refer to slackware-security Mailing List, Tue 21 Jan 2003 14:26:20 -0800 (PST) for more information. See References.

Slackware Linux 8.1 and current: cvs-1.11.5-i386-1 or later

For Conectiva Linux:
Upgrade to the latest cvs package, as listed below. Refer to Conectiva Linux Announcement CLSA-2003:561 for more information. See References.

Conectiva Linux 6.0: 1.10.8-5U60_4cl or later
Conectiva Linux 7.0: 1.11-7U70_3cl or later
Conectiva Linux 8.0: 1.11-9U80_3cl or later

For Mandrake Linux:
Upgrade to the latest cvs package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2003:009:cvs for more information. See References.

Mandrake Linux 7.2, 8.0, 8.1, 8.2, 9.0, and Single Network Firewall 7.2: 1.11.4-2.2mdk or later

For SuSE Linux:
Upgrade to the latest cvs package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2003:0007 for more information. See References.

SuSE Linux 8.0 and 8.1 (Intel): 1.11.1p1-235 or later
SuSE Linux 7.1 and 7.3 (Intel): 1.11-230 or later
SuSE Linux 7.2 (Intel): 1.11-231 or later
SuSE Linux 7.3 (Sparc): 1.11-103 or later
SuSE Linux 7.1 (AXP): 1.11-106 or later
SuSE Linux 7.1 and 7.3 (PPC): 1.11-115 or later

For Caldera OpenLinux 3.1 and 3.1.1 (Workstation and Server):
Upgrade to the latest cvs package (1.11-9 or later), as listed in SCO Security Advisory CSSA-2003-0006. See References.

For FreeBSD:
Apply the patch for this vulnerability, as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-03:01.cvs. See References.

For Immunix OS 7+:
Upgrade to the latest version of cvs (1.11.1p1-4_imnx_2 or later), as listed in Immunix OS Security Advisory IMNX-2003-7+-004-01. See References.

For Sun Linux 5.0.3:
Upgrade to the latest cvs package (1.11.1p1-8.7 or later), as listed in Sun Alert ID: 50439. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

Platforms Affected:

  • Conectiva Linux 6.0
  • Conectiva Linux 7.0
  • Conectiva Linux 8.0
  • CVS, Derek Price CVS (Concurrent Versions System) 1.11.4 and prior
  • Debian Debian Linux 2.2
  • Debian Debian Linux 3.0
  • FreeBSD FreeBSD 4.0
  • FreeBSD FreeBSD 4.1
  • FreeBSD FreeBSD 4.1.1
  • FreeBSD FreeBSD 4.2
  • FreeBSD FreeBSD 4.3
  • FreeBSD FreeBSD 4.4
  • FreeBSD FreeBSD 4.5
  • FreeBSD FreeBSD 4.6
  • FreeBSD FreeBSD 4.6.1
  • Gentoo Linux
  • Immunix Immunix OS 7+-beta
  • MandrakeSoft Mandrake Linux 7.2
  • MandrakeSoft Mandrake Linux 8.0
  • MandrakeSoft Mandrake Linux 8.0 PPC
  • MandrakeSoft Mandrake Linux 8.1 IA64
  • MandrakeSoft Mandrake Linux 8.1
  • MandrakeSoft Mandrake Linux 8.2
  • MandrakeSoft Mandrake Linux 8.2 PPC
  • MandrakeSoft Mandrake Linux 9.0
  • MandrakeSoft Mandrake Single Network Firewall 7.2
  • Novell SuSE Linux Enterprise Server 7.0
  • OpenPKG OpenPKG 1.0
  • OpenPKG OpenPKG 1.1
  • OpenPKG OpenPKG CURRENT
  • RedHat Enterprise Linux 2.1 AS
  • RedHat Linux 6.2
  • RedHat Linux 7
  • RedHat Linux 7.1
  • RedHat Linux 7.1 for iSeries
  • RedHat Linux 7.1 for pSeries
  • RedHat Linux 7.2
  • RedHat Linux 7.3
  • RedHat Linux 8.0
  • RedHat Linux Advanced Workstation 2.1 Itanium
  • SCO Caldera OpenLinux Server 3.1
  • SCO Caldera OpenLinux Server 3.1.1
  • SCO Caldera OpenLinux Workstation 3.1
  • SCO Caldera OpenLinux Workstation 3.1.1
  • Slackware Slackware Linux 8.1
  • Slackware Slackware Linux current
  • Sun Cobalt CacheRaQ 3
  • Sun Cobalt CacheRaQ 4
  • Sun Cobalt Qube 2
  • Sun Cobalt Qube 3
  • Sun Cobalt RaQ 2
  • Sun Cobalt RaQ 3
  • Sun Cobalt RaQ 4
  • Sun Cobalt RaQ 550
  • Sun Cobalt RaQ XTR
  • Sun Linux 5.0.3
  • SuSE Linux Enterprise Server 8
  • SuSE SuSE eMail Server 3.1
  • SuSE SuSE eMail Server III
  • SUSE SuSE Linux 7.1
  • SUSE SuSE Linux 7.2
  • SUSE SuSE Linux 7.3
  • SUSE SuSE Linux 8.0
  • SUSE SuSE Linux 8.1
  • SuSE SuSE Linux Connectivity Server
  • SuSE SuSE Linux Database Server
  • SuSE SuSE Linux Firewall
  • SuSE SuSE Linux Office Server
  • Turbolinux Turbolinux 7 Server
  • Turbolinux Turbolinux 7 Workstation
  • Turbolinux Turbolinux 8 Server
  • Turbolinux Turbolinux 8 Workstation
  • Turbolinux Turbolinux Advanced Server 6
  • Turbolinux Turbolinux Server 6.1
  • Turbolinux Turbolinux Server 6.5

Reported:

Jan 20, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
