(no subject)
From: tom
Subject: (no subject)
Date: Wed, 10 Jul 2002 21:42:09 +0200 (CEST)
>Submitter-Id: net
>Originator: Tom Vogt
>Organization:
net
>Confidential: no
>Synopsis: memory bug / potential buffer overflow problem
>Severity: non-critical
>Priority: medium
>Category: cvs
>Class: sw-bug
>Release: 1.11.1p1
>Environment:
System: Linux nox.lemuria.org 2.4.17 #1 Fri May 3 11:38:12 CEST 2002 i686 unknown
Architecture: i686
>Description:
on login failures, lines like the following appear in the syslog:
cvs: login failure by tom / °^F^W@°^F^W@^P (for /home/cvs)
it should be obvious that the part behind the / is not any actual data, so it
most likely is grabbing into a wrong memory area there.
if the data that should be there is remotely-supplied (password? servername?)
it may be possible to exploit this.
>How-To-Repeat:
install cvs, use pserver, fail login
works every time for me
>Fix: