CVS v1.11.4 and below contains a double free bug which allows attackers with read access to execute code on the server by sending a malformed directory name. By default, CVS runs with root privileges. Patch available here.
cf1e29270d759e81797059b571c99eff0c58d3aa9fffcdeb234d72fc4c3a22a7
Vulnerabilities in Your Code Part II - Format string vulnerabilities and exploitation. Shows the exact location of the vulnerabilities, providing detailed explanations and exploits for each one found.
8c24f5e7710930cc45684d33d0daebaf7d08df845a23878ef36b0304e4c5c79f
CERT Advisory CA-2003-02 - Systems running CVS Home project versions of CVS prior to 1.11.5 allow non-authenticated remote attackers with read only access to execute arbitrary code. Vendor status information available here.
17de6d4fcd37cb08a404a427065be676f4b3066c9a1c51f006c3a279d9291e05
iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package. Three vulnerabilities exist, the worst of which allows local root compromise. Overflows in the mtink and escputil binaries, which are set group id sys, allow an attacker to gain sys group privileges. A race condition in the ml85p binary, which is set user id root, allows an attacker to create a file with super user privileges.
7176f37ea45e1920e9e214222d1b7446b1bb27eb36daf186f9b7edeb3b38a417