From owner-freebsd-bugs Fri May 31 1:50:21 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 53C4A37B404 for ; Fri, 31 May 2002 01:50:02 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g4V8o2T53964; Fri, 31 May 2002 01:50:02 -0700 (PDT) (envelope-from gnats) Received: from vaio.alexdupre.com (212-41-211-209.adsl.galactica.it [212.41.211.209]) by hub.freebsd.org (Postfix) with ESMTP id 1814E37B405 for ; Fri, 31 May 2002 01:41:28 -0700 (PDT) Received: from vaio.alexdupre.com (localhost [127.0.0.1]) by vaio.alexdupre.com (8.12.2/8.12.2) with ESMTP id g4V8tApH000309 for ; Fri, 31 May 2002 10:55:10 +0200 (CEST) (envelope-from alex@vaio.alexdupre.com) Received: (from alex@localhost) by vaio.alexdupre.com (8.12.2/8.12.2/Submit) id g4V8t9hK000308; Fri, 31 May 2002 10:55:09 +0200 (CEST) Message-Id: <200205310855.g4V8t9hK000308@vaio.alexdupre.com> Date: Fri, 31 May 2002 10:55:09 +0200 (CEST) From: Alex Dupre Reply-To: Alex Dupre To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/38765: CVS Daemon Vulnerability in 1.11.1p1 Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 38765 >Category: bin >Synopsis: CVS Daemon Vulnerability in 1.11.1p1 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri May 31 01:50:01 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Alex Dupre >Release: FreeBSD 4.5-ALEXDUPRE i386 >Organization: >Environment: System: FreeBSD vaio.alexdupre.com 4.5-ALEXDUPRE FreeBSD 4.5-ALEXDUPRE #0: Fri Apr 12 14:12:57 CEST 2002 alex@vaio.alexdupre.com:/usr/obj/usr/src/sys/VAIO i386 >Description: Due to a boundry condition error, it may be possible for a local attacker to execute arbitrary code. The rcs.c file contains an off-by-one error that could result in an attacker overwriting portions of stack memory, and executing arbitrary code. >How-To-Repeat: >Fix: Download cvs-1.11.2 from: http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&dlID=115 and import it into src/contrib/cvs following FREEBSD-upgrade instructions. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message