cvelistv5 - cve-2003-0015

CVE-2003-0015 (GCVE-0-2003-0015)

Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:36

Summary

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.redhat.com/support/errata/RHSA-2003-012.html	vendor-advisoryx_refsource_REDHAT
	http://ccvs.cvshome.org/servlets/NewsItemView?new…	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=104342550612736&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.mandrakesoft.com/security/advisories?n…	vendor-advisoryx_refsource_MANDRAKE
	http://marc.info/?l=bugtraq&m=104438807203491&w=2	vendor-advisoryx_refsource_FREEBSD
	http://www.securityfocus.com/bid/6650	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://marc.info/?l=bugtraq&m=104333092200589&w=2	mailing-listx_refsource_BUGTRAQ
	http://rhn.redhat.com/errata/RHSA-2003-013.html	vendor-advisoryx_refsource_REDHAT
	http://marc.info/?l=bugtraq&m=104428571204468&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.debian.org/security/2003/dsa-233	vendor-advisoryx_refsource_DEBIAN
	http://www.kb.cert.org/vuls/id/650937	third-party-advisoryx_refsource_CERT-VN
	http://security.e-matters.de/advisories/012003.html	x_refsource_MISC
	http://www.cert.org/advisories/CA-2003-02.html	third-party-advisoryx_refsource_CERT
	http://www.ciac.org/ciac/bulletins/n-032.shtml	third-party-advisorygovernment-resourcex_refsource_CIAC
	http://archives.neohapsis.com/archives/vulnwatch/…	mailing-listx_refsource_VULNWATCH

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:36:25.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2003:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
          },
          {
            "name": "20030124 Test program for CVS double-free.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
          },
          {
            "name": "MDKSA-2003:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
          },
          {
            "name": "FreeBSD-SA-03:01",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
          },
          {
            "name": "6650",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6650"
          },
          {
            "name": "cvs-doublefree-memory-corruption(11108)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
          },
          {
            "name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
          },
          {
            "name": "RHSA-2003:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
          },
          {
            "name": "20030202 Exploit for CVS double free() for Linux pserver",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
          },
          {
            "name": "DSA-233",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-233"
          },
          {
            "name": "VU#650937",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/650937"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.e-matters.de/advisories/012003.html"
          },
          {
            "name": "CA-2003-02",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2003-02.html"
          },
          {
            "name": "N-032",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
          },
          {
            "name": "20030120 Advisory 01/2003: CVS remote vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-01-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-11-29T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2003:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
        },
        {
          "name": "20030124 Test program for CVS double-free.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
        },
        {
          "name": "MDKSA-2003:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
        },
        {
          "name": "FreeBSD-SA-03:01",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
        },
        {
          "name": "6650",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6650"
        },
        {
          "name": "cvs-doublefree-memory-corruption(11108)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
        },
        {
          "name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
        },
        {
          "name": "RHSA-2003:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
        },
        {
          "name": "20030202 Exploit for CVS double free() for Linux pserver",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
        },
        {
          "name": "DSA-233",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-233"
        },
        {
          "name": "VU#650937",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/650937"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.e-matters.de/advisories/012003.html"
        },
        {
          "name": "CA-2003-02",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2003-02.html"
        },
        {
          "name": "N-032",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
        },
        {
          "name": "20030120 Advisory 01/2003: CVS remote vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2003:012",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
            },
            {
              "name": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14",
              "refsource": "CONFIRM",
              "url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
            },
            {
              "name": "20030124 Test program for CVS double-free.",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
            },
            {
              "name": "MDKSA-2003:009",
              "refsource": "MANDRAKE",
              "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
            },
            {
              "name": "FreeBSD-SA-03:01",
              "refsource": "FREEBSD",
              "url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
            },
            {
              "name": "6650",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6650"
            },
            {
              "name": "cvs-doublefree-memory-corruption(11108)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
            },
            {
              "name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
            },
            {
              "name": "RHSA-2003:013",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
            },
            {
              "name": "20030202 Exploit for CVS double free() for Linux pserver",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
            },
            {
              "name": "DSA-233",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-233"
            },
            {
              "name": "VU#650937",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/650937"
            },
            {
              "name": "http://security.e-matters.de/advisories/012003.html",
              "refsource": "MISC",
              "url": "http://security.e-matters.de/advisories/012003.html"
            },
            {
              "name": "CA-2003-02",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2003-02.html"
            },
            {
              "name": "N-032",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
            },
            {
              "name": "20030120 Advisory 01/2003: CVS remote vulnerability",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0015",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-01-07T00:00:00",
    "dateUpdated": "2024-08-08T01:36:25.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55C5FC1A-1253-4390-A4FC-573BB14EA937\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44308D13-D935-4FF8-AB52-F0E115ED1AD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C001822-FDF8-497C-AC2C-B59A00E9ACD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B86C77AB-B8FF-4376-9B4E-C88417396F3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61EBA52A-2D8B-4FB5-866E-AE67CE1842E7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62135DD0-140D-42C2-9302-31B5E2DE1A4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D92B456C-5F8E-4DC2-940C-AE06B42DD3A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37B53C85-AA0E-40DD-B477-058586197714\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cvs:cvs:1.11.1p1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEA5C320-0306-4A15-9AB0-4DCD01F103DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D472B97-F7C2-4973-9D71-AB3CF1F8774D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D0DCF26-59A8-46AC-99D7-97C203A0D702\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B31BAACA-7518-48D2-ADEE-F59F4569D3BF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de doble liberaci\\u00f3n de memoria en CVS 1.11.4 y anteriores permite a atacantes remotos causar una denegaci\\u00f3n de servicio y posiblemente ejecutar c\\u00f3digo arbitrario mediante una petici\\u00f3n de de directorio mal formada, como ha sido demostrado evitando las comprobaciones de escritura para ejecutar los comandos Update-prog y Checkin-prog.\"}]",
      "id": "CVE-2003-0015",
      "lastModified": "2024-11-20T23:43:44.333",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2003-02-07T05:00:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2003-013.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://security.e-matters.de/advisories/012003.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.cert.org/advisories/CA-2003-02.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.ciac.org/ciac/bulletins/n-032.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2003/dsa-233\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/650937\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-012.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/6650\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/11108\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2003-013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://security.e-matters.de/advisories/012003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.cert.org/advisories/CA-2003-02.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.ciac.org/ciac/bulletins/n-032.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2003/dsa-233\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/650937\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/6650\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/11108\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-415\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0015\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-02-07T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de doble liberaci\u00f3n de memoria en CVS 1.11.4 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante una petici\u00f3n de de directorio mal formada, como ha sido demostrado evitando las comprobaciones de escritura para ejecutar los comandos Update-prog y Checkin-prog.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55C5FC1A-1253-4390-A4FC-573BB14EA937\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44308D13-D935-4FF8-AB52-F0E115ED1AD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C001822-FDF8-497C-AC2C-B59A00E9ACD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B86C77AB-B8FF-4376-9B4E-C88417396F3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61EBA52A-2D8B-4FB5-866E-AE67CE1842E7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62135DD0-140D-42C2-9302-31B5E2DE1A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D92B456C-5F8E-4DC2-940C-AE06B42DD3A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37B53C85-AA0E-40DD-B477-058586197714\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cvs:cvs:1.11.1p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEA5C320-0306-4A15-9AB0-4DCD01F103DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D472B97-F7C2-4973-9D71-AB3CF1F8774D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D0DCF26-59A8-46AC-99D7-97C203A0D702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B31BAACA-7518-48D2-ADEE-F59F4569D3BF\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2003-013.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://security.e-matters.de/advisories/012003.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.cert.org/advisories/CA-2003-02.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.ciac.org/ciac/bulletins/n-032.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2003/dsa-233\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/650937\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-012.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/6650\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/11108\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2003-013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://security.e-matters.de/advisories/012003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.cert.org/advisories/CA-2003-02.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.ciac.org/ciac/bulletins/n-032.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2003/dsa-233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/650937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/6650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/11108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2003_012

Vulnerability from csaf_redhat - Published: 2003-01-20 21:24 - Updated: 2024-11-21 22:36

Summary

Red Hat Security Advisory: : : : Updated CVS packages available

Notes

Topic

Updated cvs packages are now available for Red Hat Linux 6.2, 7, 7.1, 7.2, 7.3, and 8.0. These updates close a vulnerability which would permit arbitrary command execution on servers configured to allow anonymous read-only access. [Updated 16 April 2003] Added packages for Red Hat Linux on IBM iSeries and pSeries systems

Details

CVS is a version control system frequently used to manage source code repositories. During an audit of the CVS sources, Stefan Esser discovered an exploitable double-free bug in the CVS server. On servers which are configured to allow anonymous read-only access, this bug could be used by anonymous users to gain write privileges. Users with CVS write privileges can then use the Update-prog and Checkin-prog features to execute arbitrary commands on the server. All users of CVS are advised to upgrade to these erratum packages which contain patches to correct the double-free bug. Our thanks go to Stefan Esser of e-matters for reporting this issue to us.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated cvs packages are now available for Red Hat Linux 6.2, 7, 7.1, 7.2,\n7.3, and 8.0.  These updates close a vulnerability which would permit\narbitrary command execution on servers configured to allow anonymous\nread-only access.\n\n[Updated 16 April 2003]\nAdded packages for Red Hat Linux on IBM iSeries and pSeries systems",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "CVS is a version control system frequently used to manage source code\nrepositories.  During an audit of the CVS sources, Stefan Esser\ndiscovered an exploitable double-free bug in the CVS server.\n\nOn servers which are configured to allow anonymous read-only access, this\nbug could be used by anonymous users to gain write privileges.  Users with\nCVS write privileges can then use the Update-prog and Checkin-prog features\nto execute arbitrary commands on the server.\n\nAll users of CVS are advised to upgrade to these erratum packages which\ncontain patches to correct the double-free bug.\n\nOur thanks go to Stefan Esser of e-matters for reporting this issue to us.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:012",
        "url": "https://access.redhat.com/errata/RHSA-2003:012"
      },
      {
        "category": "external",
        "summary": "http://security.e-matters.de/advisories/012003.html",
        "url": "http://security.e-matters.de/advisories/012003.html"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_012.json"
      }
    ],
    "title": "Red Hat Security Advisory: : : : Updated CVS packages available",
    "tracking": {
      "current_release_date": "2024-11-21T22:36:22+00:00",
      "generator": {
        "date": "2024-11-21T22:36:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:012",
      "initial_release_date": "2003-01-20T21:24:00+00:00",
      "revision_history": [
        {
          "date": "2003-01-20T21:24:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-01-15T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:36:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 6.2",
                "product": {
                  "name": "Red Hat Linux 6.2",
                  "product_id": "Red Hat Linux 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.0",
                "product": {
                  "name": "Red Hat Linux 7.0",
                  "product_id": "Red Hat Linux 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 8.0",
                "product": {
                  "name": "Red Hat Linux 8.0",
                  "product_id": "Red Hat Linux 8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:8.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0015",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616934"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0015"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616934",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616934"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0015",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0015"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0015",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0015"
        }
      ],
      "release_date": "2003-01-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-01-20T21:24:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:012"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:012

Vulnerability from csaf_redhat - Published: 2003-01-20 21:24 - Updated: 2025-11-21 17:25

Summary

Red Hat Security Advisory: : : : Updated CVS packages available

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated cvs packages are now available for Red Hat Linux 6.2, 7, 7.1, 7.2,\n7.3, and 8.0.  These updates close a vulnerability which would permit\narbitrary command execution on servers configured to allow anonymous\nread-only access.\n\n[Updated 16 April 2003]\nAdded packages for Red Hat Linux on IBM iSeries and pSeries systems",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "CVS is a version control system frequently used to manage source code\nrepositories.  During an audit of the CVS sources, Stefan Esser\ndiscovered an exploitable double-free bug in the CVS server.\n\nOn servers which are configured to allow anonymous read-only access, this\nbug could be used by anonymous users to gain write privileges.  Users with\nCVS write privileges can then use the Update-prog and Checkin-prog features\nto execute arbitrary commands on the server.\n\nAll users of CVS are advised to upgrade to these erratum packages which\ncontain patches to correct the double-free bug.\n\nOur thanks go to Stefan Esser of e-matters for reporting this issue to us.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:012",
        "url": "https://access.redhat.com/errata/RHSA-2003:012"
      },
      {
        "category": "external",
        "summary": "http://security.e-matters.de/advisories/012003.html",
        "url": "http://security.e-matters.de/advisories/012003.html"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_012.json"
      }
    ],
    "title": "Red Hat Security Advisory: : : : Updated CVS packages available",
    "tracking": {
      "current_release_date": "2025-11-21T17:25:23+00:00",
      "generator": {
        "date": "2025-11-21T17:25:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2003:012",
      "initial_release_date": "2003-01-20T21:24:00+00:00",
      "revision_history": [
        {
          "date": "2003-01-20T21:24:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-01-15T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:25:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 6.2",
                "product": {
                  "name": "Red Hat Linux 6.2",
                  "product_id": "Red Hat Linux 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.0",
                "product": {
                  "name": "Red Hat Linux 7.0",
                  "product_id": "Red Hat Linux 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 8.0",
                "product": {
                  "name": "Red Hat Linux 8.0",
                  "product_id": "Red Hat Linux 8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:8.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0015",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616934"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0015"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616934",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616934"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0015",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0015"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0015",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0015"
        }
      ],
      "release_date": "2003-01-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-01-20T21:24:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:012"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003_013

Vulnerability from csaf_redhat - Published: 2003-01-20 21:19 - Updated: 2024-11-21 22:36

Summary

Red Hat Security Advisory: cvs security update

Notes

Topic

Updated CVS packages are now available for Red Hat Linux Advanced Server. These updates fix a vulnerability which would permit arbitrary command execution on servers configured to allow anonymous read-only access. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1

Details

CVS is a version control system frequently used to manage source code repositories. During an audit of the CVS sources, Stefan Esser discovered an exploitable double-free bug in the CVS server. On servers which are configured to allow anonymous read-only access, this bug could be used by anonymous users to gain write privileges. Users with CVS write privileges can then use the Update-prog and Checkin-prog features to execute arbitrary commands on the server. All users of CVS are advised to upgrade to these packages which contain patches to correct the double-free bug. Our thanks go to Stefan Esser of e-matters for reporting this issue to us.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated CVS packages are now available for Red Hat Linux Advanced Server. \nThese updates fix a vulnerability which would permit arbitrary command\nexecution on servers configured to allow anonymous read-only access.\n\n[Updated 06 Feb 2003]\nAdded fixed packages for Advanced Workstation 2.1",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "CVS is a version control system frequently used to manage source code\nrepositories.  During an audit of the CVS sources, Stefan Esser discovered\nan exploitable double-free bug in the CVS server.\n\nOn servers which are configured to allow anonymous read-only access, this\nbug could be used by anonymous users to gain write privileges.  Users with\nCVS write privileges can then use the Update-prog and Checkin-prog features\nto execute arbitrary commands on the server.\n\nAll users of CVS are advised to upgrade to these packages which\ncontain patches to correct the double-free bug.\n\nOur thanks go to Stefan Esser of e-matters for reporting this issue to us.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:013",
        "url": "https://access.redhat.com/errata/RHSA-2003:013"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://security.e-matters.de/advisories/012003.html",
        "url": "http://security.e-matters.de/advisories/012003.html"
      },
      {
        "category": "external",
        "summary": "82014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=82014"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_013.json"
      }
    ],
    "title": "Red Hat Security Advisory: cvs security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:36:26+00:00",
      "generator": {
        "date": "2024-11-21T22:36:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:013",
      "initial_release_date": "2003-01-20T21:19:00+00:00",
      "revision_history": [
        {
          "date": "2003-01-20T21:19:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-01-15T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:36:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Products"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0015",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616934"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0015"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616934",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616934"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0015",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0015"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0015",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0015"
        }
      ],
      "release_date": "2003-01-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-01-20T21:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:013"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:013

Vulnerability from csaf_redhat - Published: 2003-01-20 21:19 - Updated: 2025-11-21 17:25

Summary

Red Hat Security Advisory: cvs security update

Notes

Topic

Details

CVS is a version control system frequently used to manage source code repositories. During an audit of the CVS sources, Stefan Esser discovered an exploitable double-free bug in the CVS server. On servers which are configured to allow anonymous read-only access, this bug could be used by anonymous users to gain write privileges. Users with CVS write privileges can then use the Update-prog and Checkin-prog features to execute arbitrary commands on the server. All users of CVS are advised to upgrade to these packages which contain patches to correct the double-free bug. Our thanks go to Stefan Esser of e-matters for reporting this issue to us.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated CVS packages are now available for Red Hat Linux Advanced Server. \nThese updates fix a vulnerability which would permit arbitrary command\nexecution on servers configured to allow anonymous read-only access.\n\n[Updated 06 Feb 2003]\nAdded fixed packages for Advanced Workstation 2.1",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "CVS is a version control system frequently used to manage source code\nrepositories.  During an audit of the CVS sources, Stefan Esser discovered\nan exploitable double-free bug in the CVS server.\n\nOn servers which are configured to allow anonymous read-only access, this\nbug could be used by anonymous users to gain write privileges.  Users with\nCVS write privileges can then use the Update-prog and Checkin-prog features\nto execute arbitrary commands on the server.\n\nAll users of CVS are advised to upgrade to these packages which\ncontain patches to correct the double-free bug.\n\nOur thanks go to Stefan Esser of e-matters for reporting this issue to us.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:013",
        "url": "https://access.redhat.com/errata/RHSA-2003:013"
      },
      {
        "category": "external",
        "summary": "82014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=82014"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://security.e-matters.de/advisories/012003.html",
        "url": "http://security.e-matters.de/advisories/012003.html"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_013.json"
      }
    ],
    "title": "Red Hat Security Advisory: cvs security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:25:24+00:00",
      "generator": {
        "date": "2025-11-21T17:25:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2003:013",
      "initial_release_date": "2003-01-20T21:19:00+00:00",
      "revision_history": [
        {
          "date": "2003-01-20T21:19:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-01-15T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:25:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Products"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0015",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616934"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0015"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616934",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616934"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0015",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0015"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0015",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0015"
        }
      ],
      "release_date": "2003-01-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-01-20T21:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:013"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

GSD-2003-0015

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2003-0015

Aliases

CVE-2003-0015

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0015",
    "description": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.",
    "id": "GSD-2003-0015",
    "references": [
      "https://www.debian.org/security/2003/dsa-233",
      "https://access.redhat.com/errata/RHSA-2003:013",
      "https://access.redhat.com/errata/RHSA-2003:012"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0015"
      ],
      "details": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.",
      "id": "GSD-2003-0015",
      "modified": "2023-12-13T01:22:13.394080Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0015",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2003:012",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
          },
          {
            "name": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14",
            "refsource": "CONFIRM",
            "url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
          },
          {
            "name": "20030124 Test program for CVS double-free.",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
          },
          {
            "name": "MDKSA-2003:009",
            "refsource": "MANDRAKE",
            "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
          },
          {
            "name": "FreeBSD-SA-03:01",
            "refsource": "FREEBSD",
            "url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
          },
          {
            "name": "6650",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/6650"
          },
          {
            "name": "cvs-doublefree-memory-corruption(11108)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
          },
          {
            "name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
          },
          {
            "name": "RHSA-2003:013",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
          },
          {
            "name": "20030202 Exploit for CVS double free() for Linux pserver",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
          },
          {
            "name": "DSA-233",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2003/dsa-233"
          },
          {
            "name": "VU#650937",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/650937"
          },
          {
            "name": "http://security.e-matters.de/advisories/012003.html",
            "refsource": "MISC",
            "url": "http://security.e-matters.de/advisories/012003.html"
          },
          {
            "name": "CA-2003-02",
            "refsource": "CERT",
            "url": "http://www.cert.org/advisories/CA-2003-02.html"
          },
          {
            "name": "N-032",
            "refsource": "CIAC",
            "url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
          },
          {
            "name": "20030120 Advisory 01/2003: CVS remote vulnerability",
            "refsource": "VULNWATCH",
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.1p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0015"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-415"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security.e-matters.de/advisories/012003.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://security.e-matters.de/advisories/012003.html"
            },
            {
              "name": "RHSA-2003:013",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
            },
            {
              "name": "VU#650937",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/650937"
            },
            {
              "name": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
            },
            {
              "name": "20030120 Advisory 01/2003: CVS remote vulnerability",
              "refsource": "VULNWATCH",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
            },
            {
              "name": "CA-2003-02",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.cert.org/advisories/CA-2003-02.html"
            },
            {
              "name": "DSA-233",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2003/dsa-233"
            },
            {
              "name": "MDKSA-2003:009",
              "refsource": "MANDRAKE",
              "tags": [],
              "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
            },
            {
              "name": "RHSA-2003:012",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
            },
            {
              "name": "N-032",
              "refsource": "CIAC",
              "tags": [],
              "url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
            },
            {
              "name": "6650",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/6650"
            },
            {
              "name": "FreeBSD-SA-03:01",
              "refsource": "FREEBSD",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
            },
            {
              "name": "20030124 Test program for CVS double-free.",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
            },
            {
              "name": "20030202 Exploit for CVS double free() for Linux pserver",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
            },
            {
              "name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
            },
            {
              "name": "cvs-doublefree-memory-corruption(11108)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-05-03T01:29Z",
      "publishedDate": "2003-02-07T05:00Z"
    }
  }
}

GHSA-JJ52-XC36-FQ8R

Vulnerability from github – Published: 2022-04-29 01:25 – Updated: 2022-04-29 01:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0015"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-415"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-02-07T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.",
  "id": "GHSA-jj52-xc36-fq8r",
  "modified": "2022-04-29T01:25:40Z",
  "published": "2022-04-29T01:25:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0015"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
    },
    {
      "type": "WEB",
      "url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
    },
    {
      "type": "WEB",
      "url": "http://security.e-matters.de/advisories/012003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.cert.org/advisories/CA-2003-02.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2003/dsa-233"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/650937"
    },
    {
      "type": "WEB",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/6650"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2003-0015

Vulnerability from fkie_nvd - Published: 2003-02-07 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
cve@mitre.org	http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14	Broken Link
cve@mitre.org	http://marc.info/?l=bugtraq&m=104333092200589&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=104342550612736&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=104428571204468&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=104438807203491&w=2
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2003-013.html	Patch, Vendor Advisory
cve@mitre.org	http://security.e-matters.de/advisories/012003.html	Patch, Vendor Advisory
cve@mitre.org	http://www.cert.org/advisories/CA-2003-02.html	US Government Resource
cve@mitre.org	http://www.ciac.org/ciac/bulletins/n-032.shtml
cve@mitre.org	http://www.debian.org/security/2003/dsa-233
cve@mitre.org	http://www.kb.cert.org/vuls/id/650937	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-012.html
cve@mitre.org	http://www.securityfocus.com/bid/6650
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/11108
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
af854a3a-2127-422b-91ae-364da2661108	http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=104333092200589&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=104342550612736&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=104428571204468&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=104438807203491&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2003-013.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.e-matters.de/advisories/012003.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cert.org/advisories/CA-2003-02.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.ciac.org/ciac/bulletins/n-032.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2003/dsa-233
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/650937	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-012.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/6650
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/11108

Impacted products

Vendor	Product	Version
freebsd	freebsd	4.4
freebsd	freebsd	4.5
freebsd	freebsd	4.6
freebsd	freebsd	4.7
freebsd	freebsd	5.0
cvs	cvs	1.10.7
cvs	cvs	1.10.8
cvs	cvs	1.11
cvs	cvs	1.11.1
cvs	cvs	1.11.1p1
cvs	cvs	1.11.2
cvs	cvs	1.11.3
cvs	cvs	1.11.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55C5FC1A-1253-4390-A4FC-573BB14EA937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "44308D13-D935-4FF8-AB52-F0E115ED1AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C001822-FDF8-497C-AC2C-B59A00E9ACD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B86C77AB-B8FF-4376-9B4E-C88417396F3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61EBA52A-2D8B-4FB5-866E-AE67CE1842E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.1p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA5C320-0306-4A15-9AB0-4DCD01F103DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de doble liberaci\u00f3n de memoria en CVS 1.11.4 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante una petici\u00f3n de de directorio mal formada, como ha sido demostrado evitando las comprobaciones de escritura para ejecutar los comandos Update-prog y Checkin-prog."
    }
  ],
  "id": "CVE-2003-0015",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-02-07T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.e-matters.de/advisories/012003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2003-02.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-233"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/650937"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6650"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.e-matters.de/advisories/012003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2003-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/650937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-415"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2003-0015 (GCVE-0-2003-0015)

RHSA-2003_012

RHSA-2003:012

RHSA-2003_013

RHSA-2003:013

GSD-2003-0015

GHSA-JJ52-XC36-FQ8R

FKIE_CVE-2003-0015

Tags

Sightings

Nomenclature