CVE-2003-0015

Current Description

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Basic Data

PublishedFebruary 07, 2003
Last ModifiedMay 03, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-415
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSFreebsdFreebsd4.4*******
    2.3OSFreebsdFreebsd4.5*******
    2.3OSFreebsdFreebsd4.6*******
    2.3OSFreebsdFreebsd4.7*******
    2.3OSFreebsdFreebsd5.0*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCvsCvs1.10.7*******
    2.3ApplicationCvsCvs1.10.8*******
    2.3ApplicationCvsCvs1.11*******
    2.3ApplicationCvsCvs1.11.1*******
    2.3ApplicationCvsCvs1.11.1p1*******
    2.3ApplicationCvsCvs1.11.2*******
    2.3ApplicationCvsCvs1.11.3*******
    2.3ApplicationCvsCvs1.11.4*******

Vulnerable Software List

VendorProductVersions
Freebsd Freebsd 4.4, 4.5, 4.6, 4.7, 5.0
Cvs Cvs 1.10.7, 1.10.8, 1.11, 1.11.1, 1.11.1p1, 1.11.2, 1.11.3, 1.11.4

References

NameSourceURLTags
20030120 Advisory 01/2003: CVS remote vulnerabilityhttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.htmlVULNWATCH
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14CONFIRMBroken Link
20030122 [security@slackware.com: [slackware-security] New CVS packages available]http://marc.info/?l=bugtraq&m=104333092200589&w=2BUGTRAQ
20030124 Test program for CVS double-free.http://marc.info/?l=bugtraq&m=104342550612736&w=2BUGTRAQ
20030202 Exploit for CVS double free() for Linux pserverhttp://marc.info/?l=bugtraq&m=104428571204468&w=2BUGTRAQ
FreeBSD-SA-03:01http://marc.info/?l=bugtraq&m=104438807203491&w=2FREEBSD
RHSA-2003:013http://rhn.redhat.com/errata/RHSA-2003-013.htmlREDHATPatch Vendor Advisory
http://security.e-matters.de/advisories/012003.htmlhttp://security.e-matters.de/advisories/012003.htmlMISCPatch Vendor Advisory
CA-2003-02http://www.cert.org/advisories/CA-2003-02.htmlCERTUS Government Resource
N-032http://www.ciac.org/ciac/bulletins/n-032.shtmlCIAC
DSA-233http://www.debian.org/security/2003/dsa-233DEBIAN
VU#650937http://www.kb.cert.org/vuls/id/650937CERT-VNThird Party Advisory US Government Resource
MDKSA-2003:009http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009MANDRAKE
RHSA-2003:012http://www.redhat.com/support/errata/RHSA-2003-012.htmlREDHAT
6650http://www.securityfocus.com/bid/6650BID
cvs-doublefree-memory-corruption(11108)https://exchange.xforce.ibmcloud.com/vulnerabilities/11108XF