bug-cvs

From: tom
Subject: (no subject)
Date: Wed, 10 Jul 2002 21:42:09 +0200 (CEST)

>Submitter-Id:   net
>Originator:     Tom Vogt
>Organization:
net
>Confidential:  no
>Synopsis:      memory bug / potential buffer overflow problem
>Severity:      non-critical
>Priority:      medium
>Category:      cvs
>Class:         sw-bug
>Release:       1.11.1p1
>Environment:
        
System: Linux nox.lemuria.org 2.4.17 #1 Fri May 3 11:38:12 CEST 2002 i686 unknown
Architecture: i686

>Description:
on login failures, lines like the following appear in the syslog:
cvs: login failure by tom / address@hidden@^P (for /home/cvs)
it should be obvious that the part behind the / is not any actual data, so it
most likely is grabbing into a wrong memory area there.
if the data that should be there is remotely-supplied (password? servername?)
it may be possible to exploit this.

>How-To-Repeat:
install cvs, use pserver, fail login
works every time for me

>Fix:



