Re: [Fwd: Help needed with bufferoverflow in cvs]

From: Tollef Fog Heen
Subject: Re: [Fwd: Help needed with bufferoverflow in cvs]
Date: 22 Feb 2002 18:43:25 +0100
*  (Larry Jones)

| Tollef Fog Heen writes:
| > 
| > *  (Larry Jones)
| > | 
| > | It's not a buffer overflow (-Cx will produce the same result), it's an
| > | improperly initialized global variable (the code calls longjmp() with a
| > | global jmp_buf that was never initialized by setjmp() and thus is all
| > | zeros).  It's not exploitable and it was fixed long ago in CVS 1.10.8.
| > 
| > I am not too sure about that, please see the strace output from the
| > server:
| You're not too sure about *what*, that it's not a buffer overflow, that
| it's caused by calling longjmp() with an all-zero jmp_buf, that it's not
| exploitable, or that it was fixed long ago?!?

That it's not exploitable.

| > This is 1.10.7-7; do you have the patch for this problem handy?
| The best fix is to upgrade to a reasonably current release of CVS, which
| you can get from www.cvshome.org.  The current release is 1.11.1p1.  If
| you insist on patching an obsolete version:

Thanks a lot; debian backports patches to stable, and since I'm not too sure
that it's not exploitable, I like to be on the safe side.

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
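For readers following the longjmp() point above, here is a small added illustration in C of the defensive pattern that avoids the failure mode Larry describes. It is constructed for this thread and is not CVS source code: a global jmp_buf is paired with a validity flag so the error path only calls longjmp() after setjmp() has actually established a recovery point, and otherwise returns an error instead of jumping through an all-zero jmp_buf (undefined behaviour, which is what the crash in the thread comes from). The function names and the simulated handler are assumptions made for the example.

```c
#include <setjmp.h>
#include <stdio.h>

/* Constructed example: mirrors a global jmp_buf used as an error exit,
 * plus the guard that CVS 1.10.7's code was missing. */
static jmp_buf error_jmp;
static int error_jmp_valid = 0;   /* 1 only while a setjmp() target exists */

/* Error path. If a recovery point is armed, unwind to it; if not, report
 * the failure to the caller rather than longjmp() into a zeroed jmp_buf. */
int fail_or_jump(const char *msg)
{
    if (error_jmp_valid) {
        longjmp(error_jmp, 1);          /* does not return */
    }
    fprintf(stderr, "no recovery point armed for: %s\n", msg);
    return -1;
}

/* Simulated request handler: arms the recovery point, runs, disarms.
 * Returns 0 on success, 2 if it was unwound by fail_or_jump(). */
int run_with_recovery(int trigger_error)
{
    volatile int result = 0;            /* volatile: survives longjmp() */

    if (setjmp(error_jmp) != 0) {
        /* Landed here via longjmp(); the target is consumed, disarm it. */
        error_jmp_valid = 0;
        return 2;
    }
    error_jmp_valid = 1;

    if (trigger_error) {
        fail_or_jump("simulated failure inside handler");
        result = 99;                    /* not reached: longjmp() above */
    }

    error_jmp_valid = 0;                /* never leave a stale target armed */
    return result;
}

int main(void)
{
    printf("before setjmp: %d\n", fail_or_jump("early error"));   /* -1 */
    printf("clean run:     %d\n", run_with_recovery(0));          /* 0 */
    printf("unwound run:   %d\n", run_with_recovery(1));          /* 2 */
    printf("after return:  %d\n", fail_or_jump("late error"));    /* -1 */
    return 0;
}
```

The disarm on every exit from run_with_recovery() matters as much as the arm: a jmp_buf whose setjmp() frame has already returned is just as invalid as one that was never set, so the flag must track the lifetime of the frame, not merely whether setjmp() was ever called.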

