Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVStrac Remote Arbitrary Code Execution exploit

From: Richard Hipp <drh () hwaci com>
Date: 6 Aug 2004 16:51:16 -0000
In-Reply-To: <20040805175709.6995.qmail () web50508 mail yahoo com>


Received: (qmail 8445 invoked from network); 5 Aug 2004 19:10:40 -0000
Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26)
 by mail.securityfocus.com with SMTP; 5 Aug 2004 19:10:40 -0000
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
      by outgoing2.securityfocus.com (Postfix) with QMQP
      id 465CF1437C6; Thu,  5 Aug 2004 12:02:39 -0600 (MDT)
Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq () securityfocus com>
List-Help: <mailto:bugtraq-help () securityfocus com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
Delivered-To: mailing list bugtraq () securityfocus com
Delivered-To: moderator for bugtraq () securityfocus com
Received: (qmail 25727 invoked from network); 5 Aug 2004 11:48:48 -0000
Message-ID: <20040805175709.6995.qmail () web50508 mail yahoo com>
Date: Thu, 5 Aug 2004 10:57:09 -0700 (PDT)
From: Richard Ngo <rtngo () yahoo com>
Subject: CVStrac Remote Arbitrary Code Execution exploit
To: vulndb () securityfocus com
Cc: bugtraq () securityfocus com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Hi, Im Richard Ngo, this is the first time i report an
exploit and found a remote exploit that could allow
arbitrary code execution in CVStrac.

sample exploit

filediff?f=CVSROOT/rcsinfo&v1=1.1&v2=1.2;w;

All versions vulnerable. I have not contacted
cvstrac.org since i cant find their email address.
Please give me credit for the exploit and *please dont
release the exploit code to the public* for other
websites security. Maybe just create an advisory.
Thank you.



The problem has been patched in the CVS archive and
in version 1.1.4 of CVSTrac.
Previous By Date Next
Previous By Thread Next

Current thread: