CVE-2004-0396

CVS <1.11.16-1.12.8 - Buffer Overflow

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-0396. PoCs published by anonymous, Ac1dB1tCh3z.

Description

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.

Exploits (2)

exploitdb WORKING POC VERIFIED
by anonymous · c · remote · solaris
https://www.exploit-db.com/exploits/301

This exploit targets a buffer overflow vulnerability in CVS server versions 1.11.1p1, 1.12.2, and 1.9.28 on Solaris 9/SPARC. It uses a crafted 'Entry' command to overflow the heap and execute shellcode, providing remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: CVS (Concurrent Versions System) 1.11.1p1, 1.12.2, 1.9.28
Auth required
Prerequisites: Network access to CVS server (port 2401) · Valid CVS repository path and credentials
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Ac1dB1tCh3z · c · remote · multiple
https://www.exploit-db.com/exploits/300

This exploit targets a heap-based buffer overflow in CVS pserver (CVE-2004-0396) to achieve remote code execution. It includes brute-forcing for CVSROOT, username, and password, and contains shellcode for Linux/BSD systems.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: CVS pserver (versions prior to 1.11.17)
Auth required
Prerequisites: Network access to CVS pserver · Valid or brute-forced credentials
devstral-2 · analyzed Feb 16, 2026

References (28)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108500040719512&w=2
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:048
Various Sources mailing-list x_refsource_bugtraq
http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html
Mailing List vendor-advisory x_refsource_openbsd
http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2
Various Sources vendor-advisory x_refsource_freebsd
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11641
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11652
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-190.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11674
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200405-12.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11651
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/6305
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-147A.html
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/o-147.shtml
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108498454829020&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11647
Mailing List vendor-advisory x_refsource_fedora
http://marc.info/?l=bugtraq&m=108636445031613&w=2
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/192038
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-505
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16193
Various Sources x_refsource_misc
http://security.e-matters.de/advisories/072004.html
Vendor Advisory vendor-advisory x_refsource_netbsd
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10384
Mailing List vendor-advisory x_refsource_suse
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html

Scores

EPSS 0.6753
EPSS Percentile 99.2%

Details

Status published
Products (2)
cvs/cvs 1.11
cvs/cvs 1.12
Published Jun 14, 2004
Tracked Since Feb 18, 2026