Re: [Fwd: Help needed with bufferoverflow in cvs]
From: Tollef Fog Heen
Subject: Re: [Fwd: Help needed with bufferoverflow in cvs]
Date: 22 Feb 2002 18:43:25 +0100
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1

* (Larry Jones)
| Tollef Fog Heen writes:
| >
| > * (Larry Jones)
| > |
| > | It's not a buffer overflow (-Cx will produce the same result), it's an
| > | improperly initialized global variable (the code calls longjmp() with a
| > | global jmp_buf that was never initialized by setjmp() and thus is all
| > | zeros). It's not exploitable and it was fixed long ago in CVS 1.10.8.
| >
| > I am not too sure about that, please see the strace output from the
| > server:
|
| You're not too sure about *what*, that it's not a buffer overflow, that
| it's caused by calling longjmp() with an all-zero jmp_buf, that it's not
| exploitable, or that it was fixed long ago?!?

That it's not exploitable.

| > This is 1.10.7-7; do you have the patch for this problem handy?
|
| The best fix is to upgrade to a reasonably current release of CVS, which
| you can get from www.cvshome.org. The current release is 1.11.1p1. If
| you insist on patching an obsolete version:

Thanks a lot; Debian backports patches to stable, and since I'm not too sure
that it's not exploitable, I like to be on the safe side.

--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
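
The defect class named in the quoted explanation above (longjmp() through a global jmp_buf that setjmp() never filled in), shown as an added illustration that is not part of the original thread and is not the CVS patch. All identifiers are hypothetical; the guard flag is one common way to make the error path refuse to jump until a recovery point exists.

```c
#include <setjmp.h>
#include <stdio.h>

/* Hypothetical names; nothing here is taken from the CVS source. */
static jmp_buf recover_point;       /* all zeros until setjmp() runs */
static volatile int recover_armed;  /* 1 only while recover_point is valid */
static volatile int last_code;      /* code handed to the last bail_out() */

enum { BAIL_NOT_ARMED = -1 };

/* Guarded error exit: jump only if setjmp() has filled recover_point and
 * the frame that called it is still live. Otherwise return an error to
 * the caller instead of jumping through an uninitialized jmp_buf, which
 * is undefined behaviour. */
static int bail_out(int code)
{
    if (!recover_armed)
        return BAIL_NOT_ARMED;
    last_code = code;
    longjmp(recover_point, 1);      /* does not return */
}

/* Runs handler with a recovery point armed. Returns 0 if the handler
 * returned normally, otherwise the code it passed to bail_out(). */
static int run_guarded(void (*handler)(void))
{
    if (setjmp(recover_point) == 0) {
        last_code = 0;
        recover_armed = 1;
        handler();
    }
    recover_armed = 0;              /* jmp_buf goes stale once we return */
    return last_code;
}

static void failing_handler(void) { bail_out(7); }
static void ok_handler(void) { }

int main(void)
{
    printf("before any setjmp: %d\n", bail_out(7));
    printf("guarded failure:   %d\n", run_guarded(failing_handler));
    printf("guarded success:   %d\n", run_guarded(ok_handler));
    printf("after return:      %d\n", bail_out(7));
    return 0;
}
```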