diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-04:14.cvs.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-04:14.cvs.asc | 182 |
1 files changed, 0 insertions, 182 deletions
diff --git a/share/security/advisories/FreeBSD-SA-04:14.cvs.asc b/share/security/advisories/FreeBSD-SA-04:14.cvs.asc deleted file mode 100644 index d9611faea5..0000000000 --- a/share/security/advisories/FreeBSD-SA-04:14.cvs.asc +++ /dev/null @@ -1,182 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-04:14.cvs.asc Security Advisory - The FreeBSD Project - -Topic: CVS - -Category: contrib -Module: cvs -Announced: 2004-09-19 -Credits: Stefan Esser, Sebastian Krahmer, Derek Price - iDEFENSE -Affects: All FreeBSD versions -Corrected: 2004-06-29 16:10:50 UTC (RELENG_4) - 2004-09-19 22:26:22 UTC (RELENG_4_10, 4.10-RELEASE-p3) - 2004-09-19 22:27:36 UTC (RELENG_4_9, 4.9-RELEASE-p12) - 2004-09-19 22:28:14 UTC (RELENG_4_8, 4.8-RELEASE-p25) - 2004-09-19 22:37:10 UTC (RELENG_5_2, 5.2.1-RELEASE-p10) -CVE Name: CAN-2004-0414, CAN-2004-0416, CAN-2004-0417, CAN-2004-0418, - CAN-2004-0778 -FreeBSD only: NO - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit -<URL:http://www.freebsd.org/security/>. - -I. Background - -The Concurrent Versions System (CVS) is a version control system. It -may be used to access a repository locally, or to access a `remote -repository' using a number of different methods. When accessing a -remote repository, the target machine runs the CVS server to fulfill -client requests. - -II. Problem Description - -A number of vulnerabilities were discovered in CVS by Stefan Esser, -Sebastian Krahmer, and Derek Price. - - . Insufficient input validation while processing "Entry" lines. - (CAN-2004-0414) - - . A double-free resulting from erroneous state handling while - processing "Argumentx" commands. (CAN-2004-0416) - - . Integer overflow while processing "Max-dotdot" commands. - (CAN-2004-0417) - - . Erroneous handling of empty entries handled while processing - "Notify" commands. (CAN-2004-0418) - - . A format string bug while processing CVS wrappers. - - . Single-byte buffer underflows while processing configuration files - from CVSROOT. - - . Various other integer overflows. - -Additionally, iDEFENSE reports an undocumented command-line flag used -in debugging does not perform input validation on the given path -names. - -III. Impact - -CVS servers ("cvs server" or :pserver: modes) are affected by these -vulnerabilities. They vary in impact but include information disclosure -(the iDEFENSE-reported bug), denial-of-service (CAN-2004-0414, -CAN-2004-0416, CAN-2004-0417 and other bugs), or possibly arbitrary code -execution (CAN-2004-0418). In very special situations where the -attacker may somehow influence the contents of CVS configuration files -in CVSROOT, additional attacks may be possible. - -IV. Workaround - -Disable the use of remote CVS repositories. - -V. Solution - -Do one of the following: - -1) Upgrade your vulnerable system to the RELENG_4 stable branch, or to -the RELENG_5_2, RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch -dated after the correction date. - -OR - -2) Patch your present system: - -The following patches have been verified to apply to FreeBSD 4.8, 4.9, -4.10 and 5.2.1 systems. Note that one *must* have previously applied -the patches pertaining to FreeBSD-SA-04:10.cvs in order to use these -patches. - -Note that FreeBSD 4.10-STABLE systems built from sources dated -2004-06-29 16:20:00 UTC or later include cvs 1.11.17, which has all -of these issues fixed. These patches should not be applied to those -systems. - -a) Download the relevant patches from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch -# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch.asc - -b) Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch -# cd /usr/src/gnu/usr.bin/cvs -# make obj && make depend && make && make install - -VI. Correction details - -The following list contains the revision numbers of each file that was -corrected in FreeBSD. - -Branch Revision - Path -- ------------------------------------------------------------------------- -RELENG_4_10 - src/UPDATING 1.73.2.90.2.4 - src/sys/conf/newvers.sh 1.44.2.34.2.5 - src/contrib/cvs/lib/xsize.h 1.1.1.1.6.1 - src/contrib/cvs/src/commit.c 1.8.2.5.6.1 - src/contrib/cvs/src/cvs.h 1.11.2.6.6.1 - src/contrib/cvs/src/filesubr.c 1.6.2.4.6.1 - src/contrib/cvs/src/history.c 1.1.1.6.2.4.6.1 - src/contrib/cvs/src/modules.c 1.1.1.5.2.4.2.1 - src/contrib/cvs/src/server.c 1.13.2.5.6.3 - src/contrib/cvs/src/wrapper.c 1.1.1.7.2.3.6.1 - src/gnu/usr.bin/cvs/lib/config.h.proto 1.16.2.1.6.1 -RELENG_4_9 - src/UPDATING 1.73.2.89.2.13 - src/sys/conf/newvers.sh 1.44.2.32.2.13 - src/contrib/cvs/lib/xsize.h 1.1.1.1.8.1 - src/contrib/cvs/src/commit.c 1.8.2.5.4.1 - src/contrib/cvs/src/cvs.h 1.11.2.6.4.1 - src/contrib/cvs/src/filesubr.c 1.6.2.4.4.1 - src/contrib/cvs/src/history.c 1.1.1.6.2.4.4.1 - src/contrib/cvs/src/modules.c 1.1.1.5.2.3.4.2 - src/contrib/cvs/src/server.c 1.13.2.5.4.3 - src/contrib/cvs/src/wrapper.c 1.1.1.7.2.3.4.1 - src/gnu/usr.bin/cvs/lib/config.h.proto 1.16.2.1.4.1 -RELENG_4_8 - src/UPDATING 1.73.2.80.2.28 - src/sys/conf/newvers.sh 1.44.2.29.2.26 - src/contrib/cvs/lib/xsize.h 1.1.1.1.10.1 - src/contrib/cvs/src/commit.c 1.8.2.5.2.1 - src/contrib/cvs/src/cvs.h 1.11.2.6.2.1 - src/contrib/cvs/src/filesubr.c 1.6.2.4.2.1 - src/contrib/cvs/src/history.c 1.1.1.6.2.4.2.1 - src/contrib/cvs/src/modules.c 1.1.1.5.2.3.2.2 - src/contrib/cvs/src/server.c 1.13.2.5.2.3 - src/contrib/cvs/src/wrapper.c 1.1.1.7.2.3.2.1 - src/gnu/usr.bin/cvs/lib/config.h.proto 1.16.2.1.2.1 -RELENG_5_2 - src/UPDATING 1.282.2.18 - src/sys/conf/newvers.sh 1.56.2.17 - src/contrib/cvs/lib/xsize.h 1.1.1.1.12.1 - src/contrib/cvs/src/commit.c 1.13.4.1 - src/contrib/cvs/src/cvs.h 1.17.4.1 - src/contrib/cvs/src/filesubr.c 1.10.6.1 - src/contrib/cvs/src/history.c 1.1.1.10.6.1 - src/contrib/cvs/src/modules.c 1.1.1.8.6.3 - src/contrib/cvs/src/server.c 1.19.4.4 - src/contrib/cvs/src/wrapper.c 1.1.1.10.6.1 - src/gnu/usr.bin/cvs/lib/config.h.proto 1.17.2.1 -- ------------------------------------------------------------------------- - -VII. References - -<URL: http://security.e-matters.de/advisories/092004.html > ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.2.5 (FreeBSD) - -iD8DBQFBTterFdaIBMps37IRAlkjAJ9jZ40PME0gr8b6DyS+h6zVHCxGTgCfdJN/ -JiKgPD2YDy378kBO3hYd8Ao= -=qzxJ ------END PGP SIGNATURE----- |