CVE-2004-1471
First published: Fri Dec 31 2004(Updated: )
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CVS | =1.10.7 | |
| CVS | =1.10.8 | |
| CVS | =1.11 | |
| CVS | =1.11.1 | |
| CVS | =1.11.1_p1 | |
| CVS | =1.11.2 | |
| CVS | =1.11.3 | |
| CVS | =1.11.4 | |
| CVS | =1.11.5 | |
| CVS | =1.11.6 | |
| CVS | =1.11.10 | |
| CVS | =1.11.11 | |
| CVS | =1.11.14 | |
| CVS | =1.11.15 | |
| CVS | =1.11.16 | |
| CVS | =1.12.1 | |
| CVS | =1.12.2 | |
| CVS | =1.12.5 | |
| CVS | =1.12.7 | |
| CVS | =1.12.8 | |
| openpkg openpkg | =1.3 | |
| openpkg openpkg | =2.0 | |
| openpkg openpkg | =current | |
| SGI ProPack | =2.4 | |
| SGI ProPack | =3.0 | |
| FreeBSD FreeBSD | =1.1.5.1 | |
| FreeBSD FreeBSD | =2.0 | |
| FreeBSD FreeBSD | =2.0.5 | |
| FreeBSD FreeBSD | =2.1.0 | |
| FreeBSD FreeBSD | =2.1.5 | |
| FreeBSD FreeBSD | =2.1.6 | |
| FreeBSD FreeBSD | =2.1.6.1 | |
| FreeBSD FreeBSD | =2.1.7.1 | |
| FreeBSD FreeBSD | =2.2 | |
| FreeBSD FreeBSD | =2.2.2 | |
| FreeBSD FreeBSD | =2.2.3 | |
| FreeBSD FreeBSD | =2.2.4 | |
| FreeBSD FreeBSD | =2.2.5 | |
| FreeBSD FreeBSD | =2.2.6 | |
| FreeBSD FreeBSD | =2.2.8 | |
| FreeBSD FreeBSD | =3.0 | |
| FreeBSD FreeBSD | =3.0-releng | |
| FreeBSD FreeBSD | =3.1 | |
| FreeBSD FreeBSD | =3.2 | |
| FreeBSD FreeBSD | =3.3 | |
| FreeBSD FreeBSD | =3.4 | |
| FreeBSD FreeBSD | =3.5 | |
| FreeBSD FreeBSD | =3.5-stable | |
| FreeBSD FreeBSD | =3.5.1 | |
| FreeBSD FreeBSD | =3.5.1-release | |
| FreeBSD FreeBSD | =3.5.1-stable | |
| FreeBSD FreeBSD | =4.0 | |
| FreeBSD FreeBSD | =4.0-alpha | |
| FreeBSD FreeBSD | =4.0-releng | |
| FreeBSD FreeBSD | =4.1 | |
| FreeBSD FreeBSD | =4.1.1 | |
| FreeBSD FreeBSD | =4.1.1-release | |
| FreeBSD FreeBSD | =4.1.1-stable | |
| FreeBSD FreeBSD | =4.2 | |
| FreeBSD FreeBSD | =4.2-stable | |
| FreeBSD FreeBSD | =4.3 | |
| FreeBSD FreeBSD | =4.3-release | |
| FreeBSD FreeBSD | =4.3-release_p38 | |
| FreeBSD FreeBSD | =4.3-releng | |
| FreeBSD FreeBSD | =4.3-stable | |
| FreeBSD FreeBSD | =4.4 | |
| FreeBSD FreeBSD | =4.4-release_p42 | |
| FreeBSD FreeBSD | =4.4-releng | |
| FreeBSD FreeBSD | =4.4-stable | |
| FreeBSD FreeBSD | =4.5 | |
| FreeBSD FreeBSD | =4.5-release | |
| FreeBSD FreeBSD | =4.5-release_p32 | |
| FreeBSD FreeBSD | =4.5-releng | |
| FreeBSD FreeBSD | =4.5-stable | |
| FreeBSD FreeBSD | =4.6 | |
| FreeBSD FreeBSD | =4.6-release | |
| FreeBSD FreeBSD | =4.6-release_p20 | |
| FreeBSD FreeBSD | =4.6-releng | |
| FreeBSD FreeBSD | =4.6-stable | |
| FreeBSD FreeBSD | =4.6.2 | |
| FreeBSD FreeBSD | =4.7 | |
| FreeBSD FreeBSD | =4.7-release | |
| FreeBSD FreeBSD | =4.7-release_p17 | |
| FreeBSD FreeBSD | =4.7-releng | |
| FreeBSD FreeBSD | =4.7-stable | |
| FreeBSD FreeBSD | =4.8 | |
| FreeBSD FreeBSD | =4.8-pre-release | |
| FreeBSD FreeBSD | =4.8-release_p6 | |
| FreeBSD FreeBSD | =4.8-releng | |
| FreeBSD FreeBSD | =4.9 | |
| FreeBSD FreeBSD | =4.9-pre-release | |
| FreeBSD FreeBSD | =4.9-releng | |
| FreeBSD FreeBSD | =4.10 | |
| FreeBSD FreeBSD | =4.10-release | |
| FreeBSD FreeBSD | =4.10-releng | |
| FreeBSD FreeBSD | =5.0 | |
| FreeBSD FreeBSD | =5.0-alpha | |
| FreeBSD FreeBSD | =5.0-release_p14 | |
| FreeBSD FreeBSD | =5.0-releng | |
| FreeBSD FreeBSD | =5.1 | |
| FreeBSD FreeBSD | =5.1-alpha | |
| FreeBSD FreeBSD | =5.1-release | |
| FreeBSD FreeBSD | =5.1-release_p5 | |
| FreeBSD FreeBSD | =5.1-releng | |
| FreeBSD FreeBSD | =5.2 | |
| FreeBSD FreeBSD | =5.2.1-release | |
| FreeBSD FreeBSD | =5.2.1-releng | |
| Gentoo Linux | =1.4 | |
| OpenBSD | =3.4 | |
| OpenBSD | =3.5 | |
| OpenBSD | =current |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1471?
CVE-2004-1471 has a high severity rating due to its potential for causing application crashes and executing arbitrary code.
How do I fix CVE-2004-1471?
To fix CVE-2004-1471, upgrade to a version of CVS that is not vulnerable, specifically versions beyond 1.12.8 and 1.11.16.
What types of systems are affected by CVE-2004-1471?
CVE-2004-1471 affects various versions of CVS, including 1.11.x and 1.12.x, as well as Openpkg and SGI ProPack implementations.
What kind of attack can CVE-2004-1471 facilitate?
CVE-2004-1471 allows remote attackers with commit access to use format string specifiers to cause crashes or execute arbitrary commands.
Is CVE-2004-1471 a local or remote vulnerability?
CVE-2004-1471 is classified as a remote vulnerability, as it can be exploited by attackers with CVSROOT commit access.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/cvs
- canonical/cvs
- version/cvs/1.10.7
- version/cvs/1.10.8
- version/cvs/1.11
- version/cvs/1.11.1
- version/cvs/1.11.1_p1
- version/cvs/1.11.2
- version/cvs/1.11.3
- version/cvs/1.11.4
- version/cvs/1.11.5
- version/cvs/1.11.6
- version/cvs/1.11.10
- version/cvs/1.11.11
- version/cvs/1.11.14
- version/cvs/1.11.15
- version/cvs/1.11.16
- version/cvs/1.12.1
- version/cvs/1.12.2
- version/cvs/1.12.5
- version/cvs/1.12.7
- version/cvs/1.12.8
- vendor/openpkg
- canonical/openpkg openpkg
- version/openpkg openpkg/1.3
- version/openpkg openpkg/2.0
- version/openpkg openpkg/current
- vendor/sgi
- canonical/sgi propack
- version/sgi propack/2.4
- version/sgi propack/3.0
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/1.1.5.1
- version/freebsd freebsd/2.0
- version/freebsd freebsd/2.0.5
- version/freebsd freebsd/2.1.0
- version/freebsd freebsd/2.1.5
- version/freebsd freebsd/2.1.6
- version/freebsd freebsd/2.1.6.1
- version/freebsd freebsd/2.1.7.1
- version/freebsd freebsd/2.2
- version/freebsd freebsd/2.2.2
- version/freebsd freebsd/2.2.3
- version/freebsd freebsd/2.2.4
- version/freebsd freebsd/2.2.5
- version/freebsd freebsd/2.2.6
- version/freebsd freebsd/2.2.8
- version/freebsd freebsd/3.0
- version/freebsd freebsd/3.0-releng
- version/freebsd freebsd/3.1
- version/freebsd freebsd/3.2
- version/freebsd freebsd/3.3
- version/freebsd freebsd/3.4
- version/freebsd freebsd/3.5
- version/freebsd freebsd/3.5-stable
- version/freebsd freebsd/3.5.1
- version/freebsd freebsd/3.5.1-release
- version/freebsd freebsd/3.5.1-stable
- version/freebsd freebsd/4.0
- version/freebsd freebsd/4.0-alpha
- version/freebsd freebsd/4.0-releng
- version/freebsd freebsd/4.1
- version/freebsd freebsd/4.1.1
- version/freebsd freebsd/4.1.1-release
- version/freebsd freebsd/4.1.1-stable
- version/freebsd freebsd/4.2
- version/freebsd freebsd/4.2-stable
- version/freebsd freebsd/4.3
- version/freebsd freebsd/4.3-release
- version/freebsd freebsd/4.3-release_p38
- version/freebsd freebsd/4.3-releng
- version/freebsd freebsd/4.3-stable
- version/freebsd freebsd/4.4
- version/freebsd freebsd/4.4-release_p42
- version/freebsd freebsd/4.4-releng
- version/freebsd freebsd/4.4-stable
- version/freebsd freebsd/4.5
- version/freebsd freebsd/4.5-release
- version/freebsd freebsd/4.5-release_p32
- version/freebsd freebsd/4.5-releng
- version/freebsd freebsd/4.5-stable
- version/freebsd freebsd/4.6
- version/freebsd freebsd/4.6-release
- version/freebsd freebsd/4.6-release_p20
- version/freebsd freebsd/4.6-releng
- version/freebsd freebsd/4.6-stable
- version/freebsd freebsd/4.6.2
- version/freebsd freebsd/4.7
- version/freebsd freebsd/4.7-release
- version/freebsd freebsd/4.7-release_p17
- version/freebsd freebsd/4.7-releng
- version/freebsd freebsd/4.7-stable
- version/freebsd freebsd/4.8
- version/freebsd freebsd/4.8-pre-release
- version/freebsd freebsd/4.8-release_p6
- version/freebsd freebsd/4.8-releng
- version/freebsd freebsd/4.9
- version/freebsd freebsd/4.9-pre-release
- version/freebsd freebsd/4.9-releng
- version/freebsd freebsd/4.10
- version/freebsd freebsd/4.10-release
- version/freebsd freebsd/4.10-releng
- version/freebsd freebsd/5.0
- version/freebsd freebsd/5.0-alpha
- version/freebsd freebsd/5.0-release_p14
- version/freebsd freebsd/5.0-releng
- version/freebsd freebsd/5.1
- version/freebsd freebsd/5.1-alpha
- version/freebsd freebsd/5.1-release
- version/freebsd freebsd/5.1-release_p5
- version/freebsd freebsd/5.1-releng
- version/freebsd freebsd/5.2
- version/freebsd freebsd/5.2.1-release
- version/freebsd freebsd/5.2.1-releng
- vendor/gentoo
- canonical/gentoo linux
- version/gentoo linux/1.4
- vendor/openbsd
- canonical/openbsd
- version/openbsd/3.4
- version/openbsd/3.5
- version/openbsd/current