Remote CVS exploit for versions 1.11.15 and below that makes use of the Argumentx error_prog_name double free heap overflow on RedHat 8.0.
1ef0f00bc5dd2efbcfedccbeaf427ca4d38d3c2fcf5a2710c02762f6489148f1
Technical Cyber Security Alert TA04-147A - A heap overflow vulnerability in the Concurrent Versions System (CVS) could allow a remote attacker to execute arbitrary code on a vulnerable system. Systems affected: Concurrent Versions System (CVS) versions prior to 1.11.16. CVS Features versions prior to 1.12.8.
eb076a8b5b46b1ff5cdb1e09fb7058dfaf0b977564279a22443f627e735d5bc8
Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Solaris version. Anonymously submitted.
65c674ac77ccd4a45957f097a3fcebfc7836743e95663c5b329449a7e1d5d93e
Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Linux and FreeBSD version. Anonymously submitted.
cbba2ce54b3c6d2fab06e83029be065535aa55e80f9747949b5f4579b7f3ef21
Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.
00c2f250dd0b9f331e85b739415381b86f0e2189bb6869f8fc74364b3f7c03d1