Bugtraq mailing list archives
Re: CVS DoS
From: kris () FREEBSD ORG (Kris Kennaway)
Date: Mon, 24 Apr 2000 13:57:57 -0700
On Sun, 23 Apr 2000, Michal Szymanski wrote:
> behaviour, so long as it has been properly done. Unfortunately, the method of generating new file names is very simple and weak. Every file name is easily predictable and consists of two parts: the /tmp/cvs-serv string and the PID of the current working cvs server:

It's irrelevant whether the tempfile name is "weak" or not - it *has* to be predictable to other cvs servers to tell whether the repository is locked! The vulnerability described here is that users can write to the same part of the filesystem used by CVS to maintain its lock state.

It's also not quite as serious as it might first sound, because anyone who can legitimately connect to the CVS server remotely via CVS can cause a lock to be taken out over any part of the repository, with the same effect.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>
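
The message above locates the problem in who can write to the shared location rather than in the predictability of the name. As an added example (not part of the original post and not CVS source code), this C function shows how a program that must use a predictable path under a shared directory can refuse an entry planted by someone else; `claim_private_dir`, the `claim_result` enum and the `/tmp/example-serv` prefix are hypothetical names chosen for illustration.

```c
/* Added example, not CVS source. All names here are hypothetical. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum claim_result { CLAIM_OK = 0, CLAIM_FOREIGN = 1, CLAIM_ERROR = 2 };

/*
 * Create or re-use a directory at a predictable path inside a shared
 * directory such as /tmp. An existing entry is trusted only if it is a
 * real directory (not a symlink), owned by us, with no group/other access.
 */
enum claim_result claim_private_dir(const char *path)
{
    struct stat st;

    if (mkdir(path, 0700) == 0)
        return CLAIM_OK;            /* we created it, so it is ours */
    if (errno != EEXIST)
        return CLAIM_ERROR;

    /* Something is already there: lstat() so a symlink is not followed. */
    if (lstat(path, &st) != 0)
        return CLAIM_ERROR;
    if (!S_ISDIR(st.st_mode))
        return CLAIM_FOREIGN;       /* regular file, symlink, fifo, ... */
    if (st.st_uid != geteuid())
        return CLAIM_FOREIGN;       /* pre-created by another user */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return CLAIM_FOREIGN;       /* others could plant entries inside */
    return CLAIM_OK;
}

int main(void)
{
    char path[64];
    /* Constructed path in the style the post describes: prefix + PID. */
    snprintf(path, sizeof path, "/tmp/example-serv%ld", (long)getpid());
    enum claim_result r = claim_private_dir(path);
    printf("%s: %s\n", path, r == CLAIM_OK ? "usable" : "refused");
    if (r == CLAIM_OK)
        rmdir(path);
    return r == CLAIM_OK ? 0 : 1;
}
```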