Date: Fri, 31 May 2002 08:50:03 -0700 (PDT) From: Makoto Matsushita <matusita@jp.FreeBSD.org> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/38765: CVS Daemon Vulnerability in 1.11.1p1 Message-ID: <200205311550.g4VFo3739248@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/38765; it has been noted by GNATS. From: Makoto Matsushita <matusita@jp.FreeBSD.org> To: Alex Dupre <sysadmin@alexdupre.com> Cc: bug-followup@FreeBSD.org Subject: Re: bin/38765: CVS Daemon Vulnerability in 1.11.1p1 Date: Sat, 01 Jun 2002 00:48:05 +0900 sysadmin> Due to a boundry condition error, it may be possible for a sysadmin> local attacker to execute arbitrary code. The rcs.c file sysadmin> contains an off-by-one error that could result in an sysadmin> attacker overwriting portions of stack memory, and executing sysadmin> arbitrary code. Is this bug fixed *really* in cvs-1.11.2? How did you confirm that? According to http://ccvs.cvshome.org/source/browse/ccvs/src/rcs.c, rev 1.259 is the fix. However, this change is occured *after* 1.11.2 was released. And, cvs-1.11.1 doesn't have this code. Sorry if I'm wrong. -- - Makoto `MAR' Matsushita To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205311550.g4VFo3739248>