Old CVS vulnerability

bug-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Old CVS vulnerability - ever fixed?

From:	Michal Zalewski
Subject:	Old CVS vulnerability - ever fixed?
Date:	Sat, 13 Apr 2002 15:11:00 -0400 (EDT)

Hey,

There is pretty old CVS client-side vulnerability, originally mentioned
here: http://www.mail-archive.com/bug-cvs%40gnu.org/msg00385.html.
Actually, this message mentions two vulnerabilities, one of them is server
side, and another - client-side. While the first one is pretty
questionable, as it can be exploited only by "trusted" users with write
privileges, other one is pretty nasty, especially for people who use
anonymous CVS - if the server is compromised or communication is spoofed,
the attacker can effectively compromise the client system. There was a
lengthy discussion on bug-cvs back then on the first issue, but the second
issue went unnoticed.

My question is, was it ever addressed? I can't find any references to it
in ChangeLog or in any other places. If not, what was the reason? The fix
wouldn't be very difficult to implement and should not break any
functionality, while protecting client systems when sources are downloaded
from a hostile system.

PS. I'm not a bug-cvs subscriber, Cc: would be greatly appreciated.


-- 
_____________________________________________________
Michal Zalewski [lcamtuf@bos.bindview.com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/

[Prev in Thread]

Current Thread

[Next in Thread]

Old CVS vulnerability - ever fixed?, Michal Zalewski <=

Prev by Date: 25세 이상만 보세요....25세이하 절대금지 [ 광 고 ]
Next by Date: 본메일은 무료쇼핑몰 선전입니다.== 필요하신분만 보세요==
Previous by thread: 25세 이상만 보세요....25세이하 절대금지 [ 광 고 ]
Next by thread: 본메일은 무료쇼핑몰 선전입니다.== 필요하신분만 보세요==
Index(es):
- Date
- Thread