bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (no subject)


From: Larry Jones
Subject: Re: (no subject)
Date: Wed, 10 Jul 2002 15:55:25 -0400 (EDT)

address@hidden writes:
> 
> on login failures, lines like the following appear in the syslog:
> cvs: login failure by tom / address@hidden@^P (for /home/cvs)
> it should be obvious that the part behind the / is not any actual data, so it
> most likely is grabbing into a wrong memory area there.
> if the data that should be there is remotely-supplied (password? servername?)
> it may be possible to exploit this.

It's the right memory area, but it's already been free'ed.  I can't
imagine any way to exploit it.

It's fixed (over a year ago) in CVS 1.11.2, which you can get from
www.cvshome.org.

-Larry Jones

These pictures will remind us of more than we want to remember.
-- Calvin's Mom



reply via email to

[Prev in Thread] Current Thread [Next in Thread]