Re: [DER ADV#8] - Local off by one in CVSD

From: Tollef Fog Heen (tollefat_private)
Date: Sat May 25 2002 - 13:30:05 PDT

Next message: hkvrg thdftghr: "VP-ASP shopping cart software."

Previous message: zillion: "AMANDA security issues"
Next in thread: Larry Jones: "Re: [DER ADV#8] - Local off by one in CVSD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* "david evlis reign" 

| Local off by one overflow in CVSD.

There is no such thing as cvsd.  It's called cvs in both server and
client mode.

[...]

| in cvs-1.11/src/rcs.c:

cvs-1.11 is ancient.  cvs-1.11.2 is the current version, and it's
fixed there.  (It was fixed between .1p1 and .2.)

| vendor notification: nope.

uhm, why not?  If you think there is a security hole in a product you
should absolutely notify the vendor.

-- 
Tollef Fog Heen                                                        ,''`.
UNIX is user friendly, it's just picky about who its friends are      : :' :
                                                                      `. `' 
                                                                        `-

Next message: hkvrg thdftghr: "VP-ASP shopping cart software."
Previous message: zillion: "AMANDA security issues"
Next in thread: Larry Jones: "Re: [DER ADV#8] - Local off by one in CVSD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 27 2002 - 09:24:24 PDT