Overview
A "double-free" vulnerability in the Concurrent Versions System (CVS) server could allow a remote attacker to execute arbitrary code or commands or cause a denial of service on a vulnerable system.
Description
CVS is a source code maintenance system that is widely used by open-source software development projects. The CVS server component contains a "double-free" vulnerability that can be triggered by a set of specially crafted directory change requests. While processing these requests, an error checking routine may attempt to free() the same memory reference more than once. Deallocating the already freed memory can lead to heap corruption, which may be leveraged by an attacker to execute arbitrary code. The CVS server process is commonly started by the Internet services daemon (inetd) and run with root privileges. |
Impact
Depending on configuration, operating system, and platform architecture, a remote attacker with anonymous read-only access to a vulnerable CVS server could execute arbitrary code, read sensitive information, or cause a denial of service. There is a significant secondary impact in that source code maintained in CVS repositories could be modified to include trojan horses, backdoors, or other malicious code. |
Solution
|
Disable CVS Server
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was publicly reported by Stefan Esser of e-matters.
This document was written by Art Manion.
Other Information
| CVE IDs: | CVE-2003-0015 |
| CERT Advisory: | CA-2003-02 |
| Severity Metric: | 40.10 |
| Date Public: | 2003-01-20 |
| Date First Published: | 2003-01-21 |
| Date Last Updated: | 2003-08-20 20:12 UTC |
| Document Revision: | 33 |