CVS Client RCS Diff File Corruption Vulnerability
BID:10138
Info
CVS Client RCS Diff File Corruption Vulnerability
| Bugtraq ID: | 10138 |
| Class: | Access Validation Error |
| CVE: |
CVE-2004-0180 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | Discovery of this vulnerability has been credited to Sebastian Krahmer. |
| Vulnerable: |
Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux -current SGI ProPack 3.0 SGI ProPack 2.4 SGI ProPack 2.3 Redhat Fedora Core1 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 Redhat cvs-1.11.2-10.i386.rpm Redhat Advanced Workstation for the Itanium Processor 2.1 Netwosix Netwosix Linux 1.1 Netwosix Netwosix Linux 1.0 FreeBSD FreeBSD 4.9 -PRERELEASE FreeBSD FreeBSD 4.9 FreeBSD FreeBSD 4.8 -RELENG FreeBSD FreeBSD 4.8 -RELEASE-p7 FreeBSD FreeBSD 4.8 -PRERELEASE FreeBSD FreeBSD 4.8 FreeBSD FreeBSD 4.7 -STABLE FreeBSD FreeBSD 4.7 -RELENG FreeBSD FreeBSD 4.7 -RELEASE-p17 FreeBSD FreeBSD 4.7 -RELEASE FreeBSD FreeBSD 4.7 FreeBSD FreeBSD 4.6.2 FreeBSD FreeBSD 4.6 -STABLE FreeBSD FreeBSD 4.6 -RELENG FreeBSD FreeBSD 4.6 -RELEASE-p20 FreeBSD FreeBSD 4.6 -RELEASE FreeBSD FreeBSD 4.6 FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07 FreeBSD FreeBSD 4.5 -STABLE FreeBSD FreeBSD 4.5 -RELENG FreeBSD FreeBSD 4.5 -RELEASE-p32 FreeBSD FreeBSD 4.5 -RELEASE FreeBSD FreeBSD 4.5 FreeBSD FreeBSD 4.4 -STABLE FreeBSD FreeBSD 4.4 -RELENG FreeBSD FreeBSD 4.4 -RELENG FreeBSD FreeBSD 4.4 -RELEASE-p42 FreeBSD FreeBSD 4.4 FreeBSD FreeBSD 4.3 -STABLE FreeBSD FreeBSD 4.3 -RELENG FreeBSD FreeBSD 4.3 -RELEASE-p38 FreeBSD FreeBSD 4.3 -RELEASE FreeBSD FreeBSD 4.3 FreeBSD FreeBSD 4.2 -STABLEpre122300 FreeBSD FreeBSD 4.2 -STABLEpre050201 FreeBSD FreeBSD 4.2 -STABLE FreeBSD FreeBSD 4.2 -RELEASE FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.1.1 -STABLE FreeBSD FreeBSD 4.1.1 -RELEASE FreeBSD FreeBSD 4.1.1 FreeBSD FreeBSD 4.1 FreeBSD FreeBSD 4.0 .x FreeBSD FreeBSD 4.0 -RELENG FreeBSD FreeBSD 4.0 alpha FreeBSD FreeBSD 4.0 FreeBSD FreeBSD 4.10-PRERELEASE CVS CVS 1.12.5 CVS CVS 1.12.2 CVS CVS 1.12.1 CVS CVS 1.11.14 CVS CVS 1.11.11 CVS CVS 1.11.10 CVS CVS 1.11.6 CVS CVS 1.11.5 CVS CVS 1.11.4 CVS CVS 1.11.3 CVS CVS 1.11.2 CVS CVS 1.11.1 p1 CVS CVS 1.11.1 CVS CVS 1.11 CVS CVS 1.10.8 CVS CVS 1.10.7 |
| Not Vulnerable: |
CVS CVS 1.12.7 CVS CVS 1.11.15 |
Discussion
CVS Client RCS Diff File Corruption Vulnerability
A vulnerability has been discovered in the CVS client. It is reported that a problem in the revision control system (RCS) diff files may allow an attacker to create an arbitrary file on a remote system. The file will be created with the privileges of the user who is invoking the CVS client.
A vulnerability has been discovered in the CVS client. It is reported that a problem in the revision control system (RCS) diff files may allow an attacker to create an arbitrary file on a remote system. The file will be created with the privileges of the user who is invoking the CVS client.
Exploit / POC
CVS Client RCS Diff File Corruption Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
CVS Client RCS Diff File Corruption Vulnerability
Solution:
The vendor has released updates to address this and other issues. Fixes are linked below.
SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.
FreeBSD has released an advisory (FreeBSD-SA-04:07.cvs) and patches to address this issue. FreeBSD users are advised to apply these patches as soon as possible. Further information regarding obtaining and applying patches can be found in the referenced advisory. Patches are linked below.
Red Hat has released an advisory (RHSA-2004:154-06) and fixes to address this issue. Red Hat users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
OpenPKG has released an advisory (OpenPKG-SA-2004.013) and fixes to address this issue. OpenPKG users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory. Fixes are linked below.
Red Hat has released an advisory (RHSA-2004:153-07) and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
SuSE has released an advisory (SuSE-SA:2004:008) and fixes to address this issue. SuSE users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
Red Hat has released an advisory (RHSA-2004:154-01) and fixes to address this issue. Red Hat users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
Mandrake has released an advisory (MDKSA-2004:028) and fixes to address this issue. Mandrake users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
Gentoo has released an advisory GLSA 200404-13 to address this and another issue. Please see the referenced advisory for more information.
Gentoo users are advised to carry out the following commands to update their systems:
# emerge sync
# emerge -pv ">=dev-util/cvs-1.11.15"
# emerge ">=dev-util/cvs-1.11.15"
Debian has released advisory DSA 486-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.
Netwosix has released an advisory LNSA-#2004-0011 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.
Slackware has released an advisory SSA:2004-108-02 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2004:153-09 for their enterprise distribution dealing with this and other issues. Please see the referenced advisory for more information and details on obtaining fixes.
OpenBSD users are urged to follow the instructions contained in the patch files to update their CVS binaries.
Red Hat Fedora has released advisory FEDORA-2004-110 dealing with this issue. Please see the referenced advisory for further information.
SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI
ProPack 3 to address this and other issues. Please see the referenced
advisory for more information.
Turbolinux has released advisory TLSA-2004-15 dealing with this issue. Please see the referenced advisory for further information.
Red Hat Fedora Legacy advisory FLSA-2004:1620 has been released dealing with this and other issues for Red Hat 7.3 and 9.0. Please see the referenced advisory for more information.
An upgrade for CVS on the Immunix Linux platform has been released.
Redhat Fedora Core1
CVS CVS 1.11
CVS CVS 1.11.1 p1
CVS CVS 1.11.1
CVS CVS 1.11.10
CVS CVS 1.11.11
CVS CVS 1.11.14
CVS CVS 1.11.2
CVS CVS 1.11.3
CVS CVS 1.11.4
CVS CVS 1.11.5
CVS CVS 1.11.6
CVS CVS 1.12.1
CVS CVS 1.12.2
CVS CVS 1.12.5
SGI ProPack 2.3
SGI ProPack 2.4
SGI ProPack 3.0
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.9 -PRERELEASE
Solution:
The vendor has released updates to address this and other issues. Fixes are linked below.
SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.
FreeBSD has released an advisory (FreeBSD-SA-04:07.cvs) and patches to address this issue. FreeBSD users are advised to apply these patches as soon as possible. Further information regarding obtaining and applying patches can be found in the referenced advisory. Patches are linked below.
Red Hat has released an advisory (RHSA-2004:154-06) and fixes to address this issue. Red Hat users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
OpenPKG has released an advisory (OpenPKG-SA-2004.013) and fixes to address this issue. OpenPKG users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory. Fixes are linked below.
Red Hat has released an advisory (RHSA-2004:153-07) and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
SuSE has released an advisory (SuSE-SA:2004:008) and fixes to address this issue. SuSE users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
Red Hat has released an advisory (RHSA-2004:154-01) and fixes to address this issue. Red Hat users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
Mandrake has released an advisory (MDKSA-2004:028) and fixes to address this issue. Mandrake users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
Gentoo has released an advisory GLSA 200404-13 to address this and another issue. Please see the referenced advisory for more information.
Gentoo users are advised to carry out the following commands to update their systems:
# emerge sync
# emerge -pv ">=dev-util/cvs-1.11.15"
# emerge ">=dev-util/cvs-1.11.15"
Debian has released advisory DSA 486-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.
Netwosix has released an advisory LNSA-#2004-0011 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.
Slackware has released an advisory SSA:2004-108-02 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2004:153-09 for their enterprise distribution dealing with this and other issues. Please see the referenced advisory for more information and details on obtaining fixes.
OpenBSD users are urged to follow the instructions contained in the patch files to update their CVS binaries.
Red Hat Fedora has released advisory FEDORA-2004-110 dealing with this issue. Please see the referenced advisory for further information.
SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI
ProPack 3 to address this and other issues. Please see the referenced
advisory for more information.
Turbolinux has released advisory TLSA-2004-15 dealing with this issue. Please see the referenced advisory for further information.
Red Hat Fedora Legacy advisory FLSA-2004:1620 has been released dealing with this and other issues for Red Hat 7.3 and 9.0. Please see the referenced advisory for more information.
An upgrade for CVS on the Immunix Linux platform has been released.
Redhat Fedora Core1
-
Fedora cvs-1.11.15-1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /cvs-1.11.15-1.i386.rpm -
Fedora cvs-1.11.15-1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/cvs-1.11.15-1.x86_64.rpm -
Fedora cvs-debuginfo-1.11.15-1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/cvs-debuginfo-1.11.15-1.i386.rpm -
Fedora cvs-debuginfo-1.11.15-1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/debug/cvs-debuginfo-1.11.15-1.x86_64.rpm
CVS CVS 1.11
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.1 p1
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466 -
Debian cvs_1.11.1p1debian-9woody2_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_alpha.deb -
Debian cvs_1.11.1p1debian-9woody2_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_arm.deb -
Debian cvs_1.11.1p1debian-9woody2_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_hppa.deb -
Debian cvs_1.11.1p1debian-9woody2_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_i386.deb -
Debian cvs_1.11.1p1debian-9woody2_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_ia64.deb -
Debian cvs_1.11.1p1debian-9woody2_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_m68k.deb -
Debian cvs_1.11.1p1debian-9woody2_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_mips.deb -
Debian cvs_1.11.1p1debian-9woody2_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_mipsel.deb -
Debian cvs_1.11.1p1debian-9woody2_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_powerpc.deb -
Debian cvs_1.11.1p1debian-9woody2_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_s390.deb -
Debian cvs_1.11.1p1debian-9woody2_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_sparc.deb -
OpenBSD 002_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch -
OpenBSD 017_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/017_cvs.patch -
OpenBSD 022_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch -
RedHat cvs-1.11.1p1-14.legacy.3.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cvs-1.11.1p1- 14.legacy.3.i386.rpm -
SuSE cvs-1.11.1p1-326.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/cvs-1.11.1p1-326.i386.p atch.rpm -
SuSE cvs-1.11.1p1-326.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cvs-1.11.1p1-326. i586.patch.rpm -
SuSE cvs-1.11.1p1-326.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/cvs-1.11.1p1-326.i386.r pm -
SuSE cvs-1.11.1p1-326.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cvs-1.11.1p1-326. i586.rpm
CVS CVS 1.11.1
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.10
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.11
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466 -
Mandrake cvs-1.11.14-0.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
CVS CVS 1.11.14
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.2
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466 -
RedHat cvs-1.11.2-23.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cvs-1.11.2-23.l egacy.i386.rpm
CVS CVS 1.11.3
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.4
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.5
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466 -
Mandrake cvs-1.11.14-0.1.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake cvs-1.11.14-0.1.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php -
Mandrake cvs-1.11.14-0.1.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake cvs-1.11.14-0.1.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php -
Slackware cvs-1.11.15-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/c vs-1.11.15-i386-1.tgz -
SuSE cvs-1.11.5-103.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-103.i5 86.patch.rpm -
SuSE cvs-1.11.5-103.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-103.i5 86.rpm
CVS CVS 1.11.6
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466 -
Mandrake cvs-1.11.14-0.1.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake cvs-1.11.14-0.1.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Slackware cvs-1.11.15-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/c vs-1.11.15-i486-1.tgz -
SuSE cvs-1.11.6-78.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/cvs-1.11.6-78 .x86_64.patch.rpm -
SuSE cvs-1.11.6-79.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/cvs-1.11.6-79.i58 6.patch.rpm -
SuSE cvs-1.11.6-78.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/cvs-1.11.6-78 .x86_64.rpm -
SuSE cvs-1.11.6-79.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/cvs-1.11.6-79.i58 6.rpm
CVS CVS 1.12.1
-
CVS cvs-1.12.7.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=468
CVS CVS 1.12.2
-
CVS cvs-1.12.7.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=468
CVS CVS 1.12.5
-
CVS cvs-1.12.7.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=468 -
OpenPKG cvs-1.12.5-2.0.1.src.rpm
OpenPKG 2.0
ftp://ftp.openpkg.org/release/2.0/UPD/cvs-1.12.5-2.0.1.src.rpm
SGI ProPack 2.3
-
SGI patch10067.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0067.tar.gz
SGI ProPack 2.4
-
SGI patch10067.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0067.tar.gz
SGI ProPack 3.0
-
SGI patch10075.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/
FreeBSD FreeBSD 4.8 -RELENG
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
FreeBSD FreeBSD 4.8 -PRERELEASE
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
FreeBSD FreeBSD 4.8 -RELEASE-p7
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
FreeBSD FreeBSD 4.8
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
FreeBSD FreeBSD 4.9
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
FreeBSD FreeBSD 4.9 -PRERELEASE
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
References
CVS Client RCS Diff File Corruption Vulnerability
References:
References: