Help needed with buffer overflow in cvs

From: knat_private
Date: Tue Feb 19 2002 - 23:46:14 PST

    Hi all,
    
    it seems that cvs (version 1.10.7 from Debian's stable repos) has a
    buffer overflow, but I'm not sure if it's exploitable
    
    ls -la /usr/bin/cvs
    -rwxr-xr-x    1 root     root       490160 Mar 22  2000 /usr/bin/cvs
    
    no suid bit but it's owned by root
    
    cvs diff -C`perl -e "print 'a' x 300"` tables.sql
    
    Index: tables.sql
    ===================================================================
    RCS file: /opt/CVSROOT/procedit/sql/tables.sql,v
    retrieving revision 1.1
    diff -u -3 -p
    -Caaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-r1.1 tables.sql
    cvs diff: context length specified twice
    Segmentation fault (core dumped)
    
    but couldn't it help someone to get access to the system?
    
    Best regards
    Kim
    



    This archive was generated by hypermail 2b30 : Wed Feb 20 2002 - 08:27:05 PST