Re: (no subject)
From: Donald Sharp
Subject: Re: (no subject)
Date: Wed, 10 Jul 2002 15:58:24 -0400
User-agent: Mutt/1.2.5.1i

The part behind the '/' is the descrambled password. I
don't think that this is a memory or buffer overflow problem.
donald
On Wed, Jul 10, 2002 at 09:42:09PM +0200, tom@lemuria.org wrote:
>
> >Submitter-Id: net
> >Originator: Tom Vogt
> >Organization:
> net
> >Confidential: no
> >Synopsis: memory bug / potential buffer overflow problem
> >Severity: non-critical
> >Priority: medium
> >Category: cvs
> >Class: sw-bug
> >Release: 1.11.1p1
> >Environment:
>
> System: Linux nox.lemuria.org 2.4.17 #1 Fri May 3 11:38:12 CEST 2002 i686
> unknown
> Architecture: i686
>
> >Description:
> on login failures, lines like the following appear in the syslog:
> cvs: login failure by tom / °^F^W@°^F^W@^P (for /home/cvs)
> it should be obvious that the part behind the / is not any actual data, so it
> most likely is grabbing into a wrong memory area there.
> if the data that should be there is remotely-supplied (password? servername?)
> it may be possible to exploit this.
>
> >How-To-Repeat:
> install cvs, use pserver, fail login
> works every time for me
>
> >Fix:
>
>
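
Given the reply's point that the field after the `/` is the descrambled password, here is an added example (not part of the original thread and not CVS code) that finds these failure lines in a syslog file and replaces that field before the log is stored or forwarded. The syslog prefix, the optional `[pid]` tag, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Shape taken from the line quoted in the report:
#   cvs: login failure by <user> / <field> (for <repository>)
# Work on bytes: the field can hold non-printable bytes. The user is matched up
# to the first " / "; the field is matched greedily up to the LAST " (for ...)"
# so a field that itself contains " / " or " (for " is removed completely.
FAILURE = re.compile(
    rb"(?P<head>cvs(?:\[\d+\])?: login failure by (?P<user>.+?) / )"  # [pid] is an assumption
    rb"(?P<field>.*)"
    rb"(?P<tail> \(for (?P<repo>[^()]*)\))\s*$",
    re.DOTALL,
)

def redact_line(line: bytes):
    """Return (line with the field replaced, match or None)."""
    m = FAILURE.search(line)
    if m is None:
        return line, None
    return line[:m.end("head")] + b"[REDACTED]" + line[m.start("tail"):], m

def redact_log(data: bytes):
    """Redact every failure line; return (new log, [(line_no, user, repo), ...])."""
    out, hits = [], []
    # Split on "\n" only, so a stray control byte in the field cannot split a line.
    for n, line in enumerate(data.split(b"\n"), 1):
        new, m = redact_line(line)
        out.append(new)
        if m is not None:
            hits.append((n, m["user"].decode("latin-1"), m["repo"].decode("latin-1")))
    return b"\n".join(out), hits

# Constructed sample input: the timestamp, host name and byte values are made up.
SAMPLE = (
    b"Jul 10 21:40:01 nox cvs: login failure by tom / \xb0\x06\x17@\xb0\x06\x17@\x10 (for /home/cvs)\n"
    b"Jul 10 21:40:07 nox cvs: login failure by tom / a / b (for x) (for /home/cvs)\n"
    b"Jul 10 21:41:00 nox sshd[812]: session opened for user tom\n"
)

if __name__ == "__main__":
    cleaned, found = redact_log(SAMPLE)
    print(cleaned.decode("latin-1"), end="")
    for line_no, user, repo in found:
        print(f"line {line_no}: redacted field for user {user!r} on {repo!r}")
```

The returned hit list doubles as a record of which accounts had a password attempt written to the log.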