Vulnerability Development mailing list archives

Re: Help needed with bufferoverflow in cvs

From: Charles 'core' Stevenson <core () bokeoa com>
Date: Wed, 20 Feb 2002 19:15:52 -0700

I can't seem to duplicate the buffer overflow on unstable. Version:

ii  cvs            1.11.1p1-2     Concurrent Versions System

Best Regards,
Charles 'core' Stevenson

kn () insecurity dk wrote:


Hi all,

it seems that cvs (version 1.10.7 from Debians stable repos) has a
bufferoverflow but I'm but sure if it's exploitable

ls -la /usr/bin/cvs
-rwxr-xr-x    1 root     root       490160 Mar 22  2000 /usr/bin/cvs

no suid bit but it's owned by root

cvs diff -C`perl -e "print 'a' x 300"` tables.sql

Index: tables.sql
===================================================================
RCS file: /opt/CVSROOT/procedit/sql/tables.sql,v
retrieving revision 1.1
diff -u -3 -p
-Caaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-r1.1
 tables.sql
cvs diff: context length specified twice
Segmentation fault (core dumped)

but couldn't it help someone to get access to the system ?

Best regards
Kim

Current thread:

Help needed with bufferoverflow in cvs kn (Feb 20)
- Re: Help needed with bufferoverflow in cvs Charles 'core' Stevenson (Feb 21)
  - Re: Help needed with bufferoverflow in cvs kn (Feb 21)
- Re: Help needed with bufferoverflow in cvs J. Mallett (Feb 21)
- Re: Help needed with bufferoverflow in cvs Michel Arboi (Feb 21)