Re: [Fwd: Help needed with bufferoverflow in cvs]
From: Tollef Fog Heen
Subject: Re: [Fwd: Help needed with bufferoverflow in cvs]
Date: 20 Feb 2002 18:50:59 +0100
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1
* Niels Heinen
*sigh*, what doesn't one get in the lap on one's first day as Debian's
cvs package maintainer? ;)
| FYI
|
| This was posted on vuln-dev@securityfocus.com today.
Thanks.
| it seems that cvs (version 1.10.7 from Debian's stable repos) has a
| buffer overflow but I'm not sure if it's exploitable
|
| ls -la /usr/bin/cvs
| -rwxr-xr-x 1 root root 490160 Mar 22 2000 /usr/bin/cvs
|
| no suid bit but it's owned by root
That it's owned by root shouldn't matter. The issue might be whether
it's possible to exploit this through pserver. I just got this
message and haven't had the time to look at it yet.
Will do and report back, asap (or at least asa I can find myself a
potato box).
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.