[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (no subject)
|
From: |
Larry Jones |
|
Subject: |
Re: (no subject) |
|
Date: |
Wed, 10 Jul 2002 15:55:25 -0400 (EDT) |
tom@lemuria.org writes:
>
> on login failures, lines like the following appear in the syslog:
> cvs: login failure by tom / °^F^W@°^F^W@^P (for /home/cvs)
> it should be obvious that the part behind the / is not any actual data, so it
> most likely is grabbing into a wrong memory area there.
> if the data that should be there is remotely-supplied (password? servername?)
> it may be possible to exploit this.
It's the right memory area, but it's already been free'ed. I can't
imagine any way to exploit it.
It's fixed (over a year ago) in CVS 1.11.2, which you can get from
www.cvshome.org.
-Larry Jones
These pictures will remind us of more than we want to remember.
-- Calvin's Mom
- (no subject), ºîÊ÷Ç¿, 2002/07/05
- (no subject), tom, 2002/07/10
- (no subject), Didier FORT, 2002/07/11
- (no subject), °ü¸®ÀÚ, 2002/07/11
- (no subject), zuwei, 2002/07/17
- (no subject), Rodney Kadura, 2002/07/17
- (no subject), Free Concert Tickets!, 2002/07/25
- (no subject), lamaison, 2002/07/25
- (no subject), Unknown, 2002/07/25
- (no subject), Unknown, 2002/07/28