Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.
References
Link | Resource |
---|---|
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt | Broken Link Patch Vendor Advisory |
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc | Broken Link |
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html | Broken Link Exploit Patch Vendor Advisory |
http://marc.info/?l=bugtraq&m=102233767925177&w=2 | Mailing List |
http://www.redhat.com/support/errata/RHSA-2004-004.html | Broken Link |
http://www.securityfocus.com/bid/4829 | Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/9175 | Third Party Advisory VDB Entry |
Configurations
History
02 Feb 2024, 02:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
CWE | CWE-193 | |
CPE | cpe:2.3:a:distrotech:cvs:*:*:*:*:*:*:*:* | |
First Time |
Distrotech cvs
Distrotech |
|
References | () ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt - Broken Link, Patch, Vendor Advisory | |
References | () ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc - Broken Link | |
References | () http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html - Broken Link, Exploit, Patch, Vendor Advisory | |
References | () http://marc.info/?l=bugtraq&m=102233767925177&w=2 - Mailing List | |
References | () http://www.redhat.com/support/errata/RHSA-2004-004.html - Broken Link | |
References | () http://www.securityfocus.com/bid/4829 - Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/9175 - Third Party Advisory, VDB Entry |
Information
Published : 2002-08-12 04:00
Updated : 2024-02-02 02:49
NVD link : CVE-2002-0844
Mitre link : CVE-2002-0844
CVE.ORG link : CVE-2002-0844
JSON object : View
Products Affected
distrotech
- cvs
CWE
CWE-193
Off-by-one Error