OpenBSD: cvs Heap overflow vulnerability
Posted by LinuxSecurity.com Team   
OpenBSD Malignant clients can run arbitrary code on CVS servers.

Stefan Esser discovered a heap overflow in the CVS server that can be
exploited by clients sending malformed requests, enabling these clients to
run arbitrary code with the same privileges as the CVS server program.

CVE ID: CAN-2004-0396

The problem has been fixed in OpenBSD-current as well as the 3.5-stable
and 3.4-stable branches.

Patches are available from:
     ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch
     ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/021_cvs2.patch

For more information, see:
     http://marc.theaimsgroup.com/?l=bugtraq&m=108498454829020&w=2
     http://ccvs.cvshome.org/servlets/NewsItemView?newsID=107