Re: [DER ADV#8] - Local off by one in CVSD

From: Tollef Fog Heen (tollef@add.no)
Date: 05/25/02

• Previous message: zillion: "AMANDA security issues"
• In reply to: david evlis reign: "[DER ADV#8] - Local off by one in CVSD"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

To: "david evlis reign" <davidreign@hotmail.com>
From: Tollef Fog Heen <tollef@add.no>
Date: 25 May 2002 22:30:05 +0200

* "david evlis reign"

| Local off by one overflow in CVSD.

There is no such thing as cvsd. It's called cvs in both server and
client mode.

[...]

| in cvs-1.11/src/rcs.c:

cvs-1.11 is ancient. cvs-1.11.2 is the current version, and it's
fixed there. (It was fixed between .1p1 and .2.)

| vendor notification: nope.

uhm, why not? If you think there is a security hole in a product you
should absolutely notify the vendor.

-- 
Tollef Fog Heen                                                        ,''`.
UNIX is user friendly, it's just picky about who its friends are      : :' :
                                                                      `. `' 
                                                                        `-  

---

• Previous message: zillion: "AMANDA security issues"
• In reply to: david evlis reign: "[DER ADV#8] - Local off by one in CVSD"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > vuln-dev  > 2002-05