Dailydave mailing list archives

Re: Anonymized posting.


From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 23 May 2004 21:17:29 +0200

* Dave Aitel forwarded something:

http://packetstormsecurity.org/0405-exploits/cvs_solaris_HEAP.c

These obviously were not written post-publication of CAN-2004-0396.
They were in fact written prior to the publication of CAN-2003-0015.

In the Solaris exploit, the date and Solaris versions are
inconsistent.

But even after this bug, most pserver sites won't migrate away from
it.  Some already have, after break-ins which couldn't be properly
explained.  Of course, this doesn't help much if there are other bugs
in the CVS code.

GNU arch uses existing file servers (HTTP or FTP), but is distinctly
different from CVS (and has some usability issues).  Subversion, the
next-generation CVS replacement, comes with a very complex server.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: bigpond.com, di-ve.com, hotmail.com, jumpy.it,
libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com,
tatanova.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com.