[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(no subject)

From: tom
Subject: (no subject)
Date: Wed, 10 Jul 2002 21:42:09 +0200 (CEST)

>Submitter-Id:   net
>Originator:     Tom Vogt
>Confidential:  no
>Synopsis:      memory bug / potential buffer overflow problem
>Severity:      non-critical
>Priority:      medium
>Category:      cvs
>Class:         sw-bug
>Release:       1.11.1p1
System: Linux nox.lemuria.org 2.4.17 #1 Fri May 3 11:38:12 CEST 2002 i686 
Architecture: i686

on login failures, lines like the following appear in the syslog:
cvs: login failure by tom / 째^F^W@째^F^W@^P (for /home/cvs)
it should be obvious that the part behind the / is not any actual data, so it
most likely is grabbing into a wrong memory area there.
if the data that should be there is remotely-supplied (password? servername?)
it may be possible to exploit this.

install cvs, use pserver, fail login
works everytime for me


reply via email to

[Prev in Thread] Current Thread [Next in Thread]