Date:      Fri, 31 May 2002 10:55:09 +0200 (CEST)
From:      Alex Dupre <sysadmin@alexdupre.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   bin/38765: CVS Daemon Vulnerability in 1.11.1p1
Message-ID:  <200205310855.g4V8t9hK000308@vaio.alexdupre.com>

>Number:         38765
>Category:       bin
>Synopsis:       CVS Daemon Vulnerability in 1.11.1p1
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 31 01:50:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Alex Dupre
>Release:        FreeBSD 4.5-ALEXDUPRE i386
>Organization:
>Environment:
System: FreeBSD vaio.alexdupre.com 4.5-ALEXDUPRE FreeBSD 4.5-ALEXDUPRE #0: Fri Apr 12 14:12:57 CEST 2002 alex@vaio.alexdupre.com:/usr/obj/usr/src/sys/VAIO i386


	
>Description:
Due to a boundary condition error, it may be possible for a local attacker
to execute arbitrary code. The rcs.c file contains an off-by-one error that
could result in an attacker overwriting portions of stack memory, and
executing arbitrary code.
	
>How-To-Repeat:
	
>Fix:
Download cvs-1.11.2 from:
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&dlID=115
and import it into src/contrib/cvs following FREEBSD-upgrade instructions.
	


>Release-Note:
>Audit-Trail:
>Unformatted:
