The remote host is missing an update to the system as announced in the referenced advisory.

Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/11817 http://secunia.com/advisories/12309 http://security.e-matters.de/advisories/092004.html http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities&flashstatus=false https://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.104 http://www.osvdb.org/6830 http://www.osvdb.org/6831 http://www.osvdb.org/6832 http://www.osvdb.org/6833 http://www.osvdb.org/6834 http://www.osvdb.org/6835 http://www.osvdb.org/6836 http://www.vuxml.org/freebsd/d2102505-f03d-11d8-81b0-000347a4fa7d.html

The following package is affected: cvs+ipv6 CVE-2004-0414 CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed 'Entry' lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. CVE-2004-0416 Double-free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. CVE-2004-0417 Integer overflow in the 'Max-dotdot' CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. CVE-2004-0418 serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an 'out-of-bounds' write for a single byte to execute arbitrary code or modify critical program data. CVE-2004-0778 CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.