Date: Wed, 22 Jan 2003 00:16:21 +0900 (JST)
From: Tod McQuillin
To: security@freebsd.org
Subject: CVS remote vulnerability
Message-ID: <20030122001452.O455@glass.pun-pun.prv>

Heads up...

http://security.e-matters.de/advisories/012003.html

I don't know if FreeBSD is affected but the advisory claims "I was also able to create proof of concept code that uses this vulnerability to execute arbitrary shell commands on BSD servers".

--
Tod McQuillin