Test ID:	1.3.6.1.4.1.25623.1.0.52672
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-117-1 (cvs)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to cvs announced via advisory USN-117-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: cvs Details follow: Alen Zukich discovered a buffer overflow in the processing of version and author information in the CVS client. By tricking an user to connect to a malicious CVS server, an attacker could exploit this to execute arbitrary code with the privileges of the connecting user. Solution: The problem can be corrected by upgrading the affected package to version 1:1.12.9-1ubuntu0.1 (for Ubuntu 4.10), or 1:1.12.9-9ubuntu0.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-117-1 Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 13217 Common Vulnerability Exposure (CVE) ID: CVE-2005-0753 14976 http://secunia.com/advisories/14976/ DSA-742 http://www.debian.org/security/2005/dsa-742 GLSA-200504-16 http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml RHSA-2005:387 http://www.redhat.com/support/errata/RHSA-2005-387.html SUSE-SA:2005:024 http://www.novell.com/linux/security/advisories/2005_24_cvs.html cvs-bo(20148) https://exchange.xforce.ibmcloud.com/vulnerabilities/20148 http://bugs.gentoo.org/attachment.cgi?id=54352&action=view oval:org.mitre.oval:def:9688 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.