
OpenBSD security patch #7 - cvs server buffer overflow vulnerability



Good evening,

A new patch has just been released; see below for the details.

Philemon Daubard.
System & Network Administrator
kodezone interactive - OpenBSD web hosting and custom IT services
URL: <http://www.kodezone.com/> 

-----Original Message-----
From: owner-security-announce AT openbsd POINT org
[mailto:owner-security-announce AT openbsd POINT org] On Behalf Of Otto Moerbeek
Sent: Thursday, 20 May 2004 23:14
To: security-announce AT openbsd POINT org
Subject: cvs server buffer overflow vulnerability


Stefan Esser discovered a heap overflow in the CVS server that can be
exploited by clients sending malformed requests, enabling these clients to
run arbitrary code with the same privileges as the CVS server program.

CVE ID: CAN-2004-0396

The problem has been fixed in OpenBSD-current as well as the 3.5-stable
and 3.4-stable branches.

Patches are available from:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/007_cvs2.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/021_cvs2.patch

For more information, see:
    http://marc.theaimsgroup.com/?l=bugtraq&m=108498454829020&w=2
    http://ccvs.cvshome.org/servlets/NewsItemView?newsID=107