bug-cvs

Re: [Fwd: Help needed with bufferoverflow in cvs]


From: Tollef Fog Heen
Subject: Re: [Fwd: Help needed with bufferoverflow in cvs]
Date: 20 Feb 2002 18:50:59 +0100
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1

* Niels Heinen 

*sigh*, what doesn't one get in the lap on one's first day as Debian's
cvs package maintainer? ;)

| FYI
| 
| This was posted on vuln-dev@securityfocus.com today.

Thanks.

| it seems that cvs (version 1.10.7 from Debian's stable repos) has a
| buffer overflow but I'm not sure if it's exploitable
| 
| ls -la /usr/bin/cvs
| -rwxr-xr-x    1 root     root       490160 Mar 22  2000 /usr/bin/cvs
| 
| no suid bit but it's owned by root

That it's owned by root shouldn't matter.  The issue might be whether
it's possible to exploit this through pserver.  I just got this
message and haven't had the time to look at it yet.

Will do and report back, asap (or at least asa I can find myself a
potato box).

-- 
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.


