CVE-2004-1471 - 漏洞详情

CVE-2004-1471 (CNNVD-200412-265)

HIGH 有利用代码

中文标题:

CVS Argumentx命令error_prog_name两次释放任意指令执行漏洞

英文标题:

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 al...

CVSS分数: 7.1

发布时间: 2005-02-13 05:00:00

漏洞类型: 授权问题

状态: PUBLISHED

数据质量分数: 0.40

数据版本: v4

漏洞描述

中文描述:

Concurrent Versions System (CVS)是一款开放源代码的版本控制软件。 CVS "Argumentx"命令存在两次释放问题，远程攻击者可以利用这个漏洞以进程权限在系统上执行任意指令。 "Argumentx" 命令允许为先前提供的参数增加更多数据，这可以通过对最后一个存储参数进行重分配来操作，但是"Argumentx"没有检查在参数列表中是否有任何参数，因为当客户端断开连接的时候程序会释放这个列表，如果列表是空的，realloc()调用就会去试图释放一个不应该被这样操作的指针。此"double-free()"漏洞在多个Linux系统上成功利用。

英文描述:

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

CWE类型:

（暂无数据）

受影响产品

厂商	产品	版本	版本范围	平台	CPE
cvs	cvs	1.10.7	-	-	`cpe:2.3:a:cvs:cvs:1.10.7:::::::*`
cvs	cvs	1.10.8	-	-	`cpe:2.3:a:cvs:cvs:1.10.8:::::::*`
cvs	cvs	1.11	-	-	`cpe:2.3:a:cvs:cvs:1.11:::::::*`
cvs	cvs	1.11.1	-	-	`cpe:2.3:a:cvs:cvs:1.11.1:::::::*`
cvs	cvs	1.11.1_p1	-	-	`cpe:2.3:a:cvs:cvs:1.11.1_p1:::::::*`
cvs	cvs	1.11.2	-	-	`cpe:2.3:a:cvs:cvs:1.11.2:::::::*`
cvs	cvs	1.11.3	-	-	`cpe:2.3:a:cvs:cvs:1.11.3:::::::*`
cvs	cvs	1.11.4	-	-	`cpe:2.3:a:cvs:cvs:1.11.4:::::::*`
cvs	cvs	1.11.5	-	-	`cpe:2.3:a:cvs:cvs:1.11.5:::::::*`
cvs	cvs	1.11.6	-	-	`cpe:2.3:a:cvs:cvs:1.11.6:::::::*`
cvs	cvs	1.11.10	-	-	`cpe:2.3:a:cvs:cvs:1.11.10:::::::*`
cvs	cvs	1.11.11	-	-	`cpe:2.3:a:cvs:cvs:1.11.11:::::::*`
cvs	cvs	1.11.14	-	-	`cpe:2.3:a:cvs:cvs:1.11.14:::::::*`
cvs	cvs	1.11.15	-	-	`cpe:2.3:a:cvs:cvs:1.11.15:::::::*`
cvs	cvs	1.11.16	-	-	`cpe:2.3:a:cvs:cvs:1.11.16:::::::*`
cvs	cvs	1.12.1	-	-	`cpe:2.3:a:cvs:cvs:1.12.1:::::::*`
cvs	cvs	1.12.2	-	-	`cpe:2.3:a:cvs:cvs:1.12.2:::::::*`
cvs	cvs	1.12.5	-	-	`cpe:2.3:a:cvs:cvs:1.12.5:::::::*`
cvs	cvs	1.12.7	-	-	`cpe:2.3:a:cvs:cvs:1.12.7:::::::*`
cvs	cvs	1.12.8	-	-	`cpe:2.3:a:cvs:cvs:1.12.8:::::::*`
openpkg	openpkg	1.3	-	-	`cpe:2.3:a:openpkg:openpkg:1.3:::::::*`
openpkg	openpkg	2.0	-	-	`cpe:2.3:a:openpkg:openpkg:2.0:::::::*`
openpkg	openpkg	current	-	-	`cpe:2.3:a:openpkg:openpkg:current:::::::*`
sgi	propack	2.4	-	-	`cpe:2.3:a:sgi:propack:2.4:::::::*`
sgi	propack	3.0	-	-	`cpe:2.3:a:sgi:propack:3.0:::::::*`
freebsd	freebsd	1.1.5.1	-	-	`cpe:2.3:o:freebsd:freebsd:1.1.5.1:::::::*`
freebsd	freebsd	2.0	-	-	`cpe:2.3:o:freebsd:freebsd:2.0:::::::*`
freebsd	freebsd	2.0.5	-	-	`cpe:2.3:o:freebsd:freebsd:2.0.5:::::::*`
freebsd	freebsd	2.1.0	-	-	`cpe:2.3:o:freebsd:freebsd:2.1.0:::::::*`
freebsd	freebsd	2.1.5	-	-	`cpe:2.3:o:freebsd:freebsd:2.1.5:::::::*`
freebsd	freebsd	2.1.6	-	-	`cpe:2.3:o:freebsd:freebsd:2.1.6:::::::*`
freebsd	freebsd	2.1.6.1	-	-	`cpe:2.3:o:freebsd:freebsd:2.1.6.1:::::::*`
freebsd	freebsd	2.1.7.1	-	-	`cpe:2.3:o:freebsd:freebsd:2.1.7.1:::::::*`
freebsd	freebsd	2.2	-	-	`cpe:2.3:o:freebsd:freebsd:2.2:::::::*`
freebsd	freebsd	2.2.2	-	-	`cpe:2.3:o:freebsd:freebsd:2.2.2:::::::*`
freebsd	freebsd	2.2.3	-	-	`cpe:2.3:o:freebsd:freebsd:2.2.3:::::::*`
freebsd	freebsd	2.2.4	-	-	`cpe:2.3:o:freebsd:freebsd:2.2.4:::::::*`
freebsd	freebsd	2.2.5	-	-	`cpe:2.3:o:freebsd:freebsd:2.2.5:::::::*`
freebsd	freebsd	2.2.6	-	-	`cpe:2.3:o:freebsd:freebsd:2.2.6:::::::*`
freebsd	freebsd	2.2.8	-	-	`cpe:2.3:o:freebsd:freebsd:2.2.8:::::::*`
freebsd	freebsd	3.0	-	-	`cpe:2.3:o:freebsd:freebsd:3.0:::::::*`
freebsd	freebsd	3.1	-	-	`cpe:2.3:o:freebsd:freebsd:3.1:::::::*`
freebsd	freebsd	3.2	-	-	`cpe:2.3:o:freebsd:freebsd:3.2:::::::*`
freebsd	freebsd	3.3	-	-	`cpe:2.3:o:freebsd:freebsd:3.3:::::::*`
freebsd	freebsd	3.4	-	-	`cpe:2.3:o:freebsd:freebsd:3.4:::::::*`
freebsd	freebsd	3.5	-	-	`cpe:2.3:o:freebsd:freebsd:3.5:::::::*`
freebsd	freebsd	3.5.1	-	-	`cpe:2.3:o:freebsd:freebsd:3.5.1:::::::*`
freebsd	freebsd	4.0	-	-	`cpe:2.3:o:freebsd:freebsd:4.0:::::::*`
freebsd	freebsd	4.1	-	-	`cpe:2.3:o:freebsd:freebsd:4.1:::::::*`
freebsd	freebsd	4.1.1	-	-	`cpe:2.3:o:freebsd:freebsd:4.1.1:::::::*`
freebsd	freebsd	4.2	-	-	`cpe:2.3:o:freebsd:freebsd:4.2:::::::*`
freebsd	freebsd	4.3	-	-	`cpe:2.3:o:freebsd:freebsd:4.3:::::::*`
freebsd	freebsd	4.4	-	-	`cpe:2.3:o:freebsd:freebsd:4.4:::::::*`
freebsd	freebsd	4.5	-	-	`cpe:2.3:o:freebsd:freebsd:4.5:::::::*`
freebsd	freebsd	4.6	-	-	`cpe:2.3:o:freebsd:freebsd:4.6:::::::*`
freebsd	freebsd	4.6.2	-	-	`cpe:2.3:o:freebsd:freebsd:4.6.2:::::::*`
freebsd	freebsd	4.7	-	-	`cpe:2.3:o:freebsd:freebsd:4.7:::::::*`
freebsd	freebsd	4.8	-	-	`cpe:2.3:o:freebsd:freebsd:4.8:::::::*`
freebsd	freebsd	4.9	-	-	`cpe:2.3:o:freebsd:freebsd:4.9:::::::*`
freebsd	freebsd	4.10	-	-	`cpe:2.3:o:freebsd:freebsd:4.10:::::::*`
freebsd	freebsd	5.0	-	-	`cpe:2.3:o:freebsd:freebsd:5.0:::::::*`
freebsd	freebsd	5.1	-	-	`cpe:2.3:o:freebsd:freebsd:5.1:::::::*`
freebsd	freebsd	5.2	-	-	`cpe:2.3:o:freebsd:freebsd:5.2:::::::*`
freebsd	freebsd	5.2.1	-	-	`cpe:2.3:o:freebsd:freebsd:5.2.1:release::::::`
gentoo	linux	1.4	-	-	`cpe:2.3:o:gentoo:linux:1.4:::::::*`
openbsd	openbsd	3.4	-	-	`cpe:2.3:o:openbsd:openbsd:3.4:::::::*`
openbsd	openbsd	3.5	-	-	`cpe:2.3:o:openbsd:openbsd:3.5:::::::*`
openbsd	openbsd	current	-	-	`cpe:2.3:o:openbsd:openbsd:current:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

无标题 x_refsource_MISC
cve.org

访问

10499 vdb-entry
cve.org

访问

FreeBSD-SA-04:14 vendor-advisory
cve.org

访问

cvs-wrapper-format-string(16365) vdb-entry
cve.org

访问

20040609 Advisory 09/2004: More CVS remote vulnerabilities mailing-list
cve.org

访问

ExploitDB EDB-24182 EXPLOIT
exploitdb

访问

Download Exploit EDB-24182 EXPLOIT
exploitdb

访问

CVE Reference: CVE-2004-1471 ADVISORY
cve.org

访问

CVSS评分详情

7.1

HIGH

CVSS向量: AV:N/AC:H/Au:S/C:C/I:C/A:C

CVSS版本: 2.0

机密性

COMPLETE

完整性

COMPLETE

可用性

COMPLETE

时间信息

发布时间:

2005-02-13 05:00:00

修改时间:

2024-08-08 00:53:23

创建时间:

2025-11-11 15:32:22

更新时间:

2026-01-26 02:16:52

利用信息

此漏洞有可利用代码！

利用代码数量: 1

利用来源:

未知

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2004-1471`	2025-11-11 15:17:30	2025-11-11 07:32:22
NVD	`nvd_CVE-2004-1471`	2025-11-11 14:50:55	2025-11-11 07:41:08
CNNVD	`cnnvd_CNNVD-200412-265`	2025-11-11 15:08:44	2025-11-11 07:48:55
EXPLOITDB	`exploitdb_EDB-24182`	2025-11-11 15:05:25	2025-11-11 08:20:02

版本与语言

当前版本: v4

主要语言: EN

支持语言:

EN ZH

其他标识符:

安全公告

暂无安全公告信息

变更历史

v4 EXPLOITDB

2025-11-11 16:20:02

references_count: 5 → 8; tags_count: 0 → 4; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']

查看详细变更

references_count: 5 -> 8
tags_count: 0 -> 4
data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']

v3 CNNVD

2025-11-11 15:48:55

vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-200412-265; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 授权问题
cnnvd_id: 未提取 -> CNNVD-200412-265
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:41:08

severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 7.1; cvss_vector: NOT_EXTRACTED → AV:N/AC:H/Au:S/C:C/I:C/A:C; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 68; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
cvss_score: 未提取 -> 7.1
cvss_vector: NOT_EXTRACTED -> AV:N/AC:H/Au:S/C:C/I:C/A:C
cvss_version: NOT_EXTRACTED -> 2.0
affected_products_count: 0 -> 68
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2004-1471 (CNNVD-200412-265)

中文标题:

CVS Argumentx命令error_prog_name两次释放任意指令执行漏洞

英文标题:

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 al...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史