Details of VAR-201011-0260

ID

VAR-201011-0260

CVE

CVE-2010-3846

TITLE

CVS of rcs.c Is in apply_rcs_change Elevation of privilege vulnerability in functions

Trust: 0.8

sources: JVNDB: JVNDB-2010-002534

DESCRIPTION

Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. Concurrent Versions System is an open source version control system. Enticing users to examine specially constructed files can trigger a heap-based buffer overflow. CVS is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. A local attacker can exploit this issue by storing a malicious RCS file in the CVS repository, and enticing an unsuspecting user to update their CVS repository tree with the file. Successful exploitation allows the attacker to execute arbitrary code with the privileges of the user running the vulnerable application. Failed attempts will result in denial-of-service conditions. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CVS Delta Fragment Array Indexing Vulnerability SECUNIA ADVISORY ID: SA41079 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41079/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41079 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41079/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41079/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41079 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CVS, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is reported in version 1.11.23. Other versions may also be affected. SOLUTION: Fixed in the CVS repository. PROVIDED AND/OR DISCOVERED BY: Red Hat credits Ralph Loader ORIGINAL ADVISORY: CVS: http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=642146 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41079 SOLUTION: Apply updated packages via the yum utility ("yum update cvs")

Trust: 2.7

sources: NVD: CVE-2010-3846 // JVNDB: JVNDB-2010-002534 // CNVD: CNVD-2010-2595 // BID: 44528 // PACKETSTORM: 95293 // PACKETSTORM: 96222 // PACKETSTORM: 95295

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-2595

AFFECTED PRODUCTS

vendor:	cvs	model:	cvs	scope:	eq	version:	1.11.23	Trust: 1.7
vendor:	nongnu	model:	cvs	scope:	eq	version:	1.11.23	Trust: 1.6
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.8
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6	Trust: 0.3

sources: CNVD: CNVD-2010-2595 // BID: 44528 // JVNDB: JVNDB-2010-002534 // CNNVD: CNNVD-201011-046 // NVD: CVE-2010-3846

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-3846
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-3846
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201011-046
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2010-3846
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2010-002534 // CNNVD: CNNVD-201011-046 // NVD: CVE-2010-3846

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2010-002534 // NVD: CVE-2010-3846

THREAT TYPE

local

Trust: 0.9

sources: PACKETSTORM: 95293 // PACKETSTORM: 96222 // PACKETSTORM: 95295 // CNNVD: CNNVD-201011-046

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201011-046

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002534

PATCH

title:	Top Page	url:	http://savannah.nongnu.org/projects/cvs/	Trust: 0.8
title:	RHSA-2010:0918	url:	https://rhn.redhat.com/errata/RHSA-2010-0918.html	Trust: 0.8
title:	Patch for CVS Delta Fragment Array Indexing Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/1552	Trust: 0.6
title:	FreeBSD CVSweb Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=234755	Trust: 0.6

sources: CNVD: CNVD-2010-2595 // JVNDB: JVNDB-2010-002534 // CNNVD: CNNVD-201011-046

EXTERNAL IDS

db:	NVD	id:	CVE-2010-3846	Trust: 3.3
db:	SECUNIA	id:	41079	Trust: 3.1
db:	BID	id:	44528	Trust: 2.7
db:	SECUNIA	id:	42409	Trust: 2.5
db:	SECTRACK	id:	1024795	Trust: 2.4
db:	VUPEN	id:	ADV-2010-2845	Trust: 2.4
db:	VUPEN	id:	ADV-2010-3080	Trust: 2.4
db:	OSVDB	id:	68952	Trust: 2.4
db:	SECUNIA	id:	42041	Trust: 1.7
db:	VUPEN	id:	ADV-2010-2869	Trust: 1.6
db:	VUPEN	id:	ADV-2010-2846	Trust: 1.6
db:	VUPEN	id:	ADV-2010-2899	Trust: 1.6
db:	XF	id:	62858	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-002534	Trust: 0.8
db:	CNVD	id:	CNVD-2010-2595	Trust: 0.6
db:	CNNVD	id:	CNNVD-201011-046	Trust: 0.6
db:	PACKETSTORM	id:	95293	Trust: 0.1
db:	PACKETSTORM	id:	96222	Trust: 0.1
db:	PACKETSTORM	id:	95295	Trust: 0.1

sources: CNVD: CNVD-2010-2595 // BID: 44528 // JVNDB: JVNDB-2010-002534 // PACKETSTORM: 95293 // PACKETSTORM: 96222 // PACKETSTORM: 95295 // CNNVD: CNNVD-201011-046 // NVD: CVE-2010-3846

REFERENCES

url:	http://www.osvdb.org/68952	Trust: 2.4
url:	http://secunia.com/advisories/41079	Trust: 2.4
url:	http://secunia.com/advisories/42409	Trust: 2.4
url:	http://www.securityfocus.com/bid/44528	Trust: 2.4
url:	http://www.securitytracker.com/id?1024795	Trust: 2.4
url:	http://www.vupen.com/english/advisories/2010/2845	Trust: 2.4
url:	http://www.vupen.com/english/advisories/2010/3080	Trust: 2.4
url:	https://bugzilla.redhat.com/show_bug.cgi?id=642146	Trust: 2.0
url:	http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-october/050090.html	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/2899	Trust: 1.6
url:	http://www.redhat.com/support/errata/rhsa-2010-0918.html	Trust: 1.6
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-november/050287.html	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2010/2846	Trust: 1.6
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-november/050212.html	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2010/2869	Trust: 1.6
url:	http://secunia.com/advisories/42041	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/62858	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3846	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/62858	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3846	Trust: 0.8
url:	http://secunia.com/advisories/41079/	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2010:0918	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2010-3846	Trust: 0.6
url:	http://www.cvshome.org/eng/	Trust: 0.3
url:	http://secunia.com/products/corporate/evm/	Trust: 0.3
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.3
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.3
url:	http://secunia.com/products/corporate/vim/	Trust: 0.3
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.3
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.3
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.3
url:	http://secunia.com/advisories/41079/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=41079	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2010-0918.html	Trust: 0.1
url:	http://secunia.com/advisories/42409/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=42409	Trust: 0.1
url:	http://secunia.com/advisories/42409/	Trust: 0.1
url:	http://secunia.com/advisories/42041/#comments	Trust: 0.1
url:	http://secunia.com/advisories/42041/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=42041	Trust: 0.1

CREDITS

Jan Lieskovsky

Trust: 0.3

sources: BID: 44528

SOURCES

db:	CNVD	id:	CNVD-2010-2595
db:	BID	id:	44528
db:	JVNDB	id:	JVNDB-2010-002534
db:	PACKETSTORM	id:	95293
db:	PACKETSTORM	id:	96222
db:	PACKETSTORM	id:	95295
db:	CNNVD	id:	CNNVD-201011-046
db:	NVD	id:	CVE-2010-3846

LAST UPDATE DATE

2024-11-23T22:59:57.490000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-2595	date:	2010-11-02T00:00:00
db:	BID	id:	44528	date:	2015-04-13T21:59:00
db:	JVNDB	id:	JVNDB-2010-002534	date:	2010-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201011-046	date:	2023-04-25T00:00:00
db:	NVD	id:	CVE-2010-3846	date:	2024-11-21T01:19:44.607

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-2595	date:	2010-11-02T00:00:00
db:	BID	id:	44528	date:	2010-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2010-002534	date:	2010-12-21T00:00:00
db:	PACKETSTORM	id:	95293	date:	2010-11-01T01:34:47
db:	PACKETSTORM	id:	96222	date:	2010-11-30T05:50:29
db:	PACKETSTORM	id:	95295	date:	2010-11-01T01:34:52
db:	CNNVD	id:	CNNVD-201011-046	date:	2010-11-09T00:00:00
db:	NVD	id:	CVE-2010-3846	date:	2010-11-05T17:00:02.530