CVSTrac History.c History_update Function Overflow Network Vulnerability

Summary

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the history_update() function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system. ***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number(s) of CVSTrac ***** installed there.

Solution

Update to version 1.1.4 or disable this CGI suite

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AstroSPACES profile.php SQL Injection Vulnerability
AdaptBB Multiple Input Validation Vulnerabilities
AjaXplorer zoho plugin Directory Traversal Vulnerability
Alchemy Eye HTTP Command Execution
AlefMentor Multiple SQL Injection Vulnerabilities

CVSTrac history.c history_update function overflow

Take action and discover your vulnerabilities