Vulnerability Development mailing list archives
Re: [Fwd: Help needed with bufferoverflow in cvs]
From: larry.jones () sdrc com (Larry Jones)
Date: Wed, 20 Feb 2002 16:31:31 -0500 (EST)
> it seems that cvs (version 1.10.7 from Debian's stable repos) has a buffer overflow but I'm not sure if it's exploitable
> [...]
> cvs diff -C`perl -e "print 'a' x 300"` tables.sql
> [...]
> Segmentation fault (core dumped)

It's not a buffer overflow (-Cx will produce the same result), it's an improperly initialized global variable (the code calls longjmp() with a global jmp_buf that was never initialized by setjmp() and thus is all zeros). It's not exploitable and it was fixed long ago in CVS 1.10.8.

-Larry Jones

I just can't identify with that kind of work ethic. -- Calvin
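
The defect class described in the reply above, shown as an added example that is not part of the original thread and is not CVS source code: an error path may call longjmp() only on a jmp_buf that setjmp() has already filled and whose frame is still live. All names here (bail_env, bail_armed, bail_out, parse_context, run_guarded) are hypothetical, and it is an assumption that the error path is reached through an invalid option value.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

enum { PARSE_RECOVERED = -1, PARSE_NO_HANDLER = -2 };

static jmp_buf bail_env;         /* global: all zeros until setjmp() fills it */
static volatile int bail_armed;  /* nonzero only while bail_env is valid */

/* Error exit: jump only into a buffer that setjmp() has initialized. */
static int bail_out(int code)
{
    if (bail_armed)
        longjmp(bail_env, code); /* does not return */
    return -1;                   /* no recovery point: let the caller fail cleanly */
}

/* Hypothetical option parser: the value must be a small non-negative decimal number. */
static int parse_context(const char *arg)
{
    char *end;
    long n = strtol(arg, &end, 10);
    if (*arg == '\0' || *end != '\0' || n < 0 || n > 1000) {
        bail_out(1);
        return PARSE_NO_HANDLER; /* reached only when nothing was armed */
    }
    return (int)n;
}

/* Establishes the recovery point before any code that may call bail_out(). */
static int run_guarded(const char *arg)
{
    int n;
    if (setjmp(bail_env) != 0) { /* arrived here via longjmp() */
        bail_armed = 0;
        return PARSE_RECOVERED;
    }
    bail_armed = 1;
    n = parse_context(arg);
    bail_armed = 0;              /* bail_env is stale once this frame returns */
    return n;
}

int main(void)
{
    printf("%d %d %d\n", run_guarded("3"), run_guarded("aaa"), parse_context("x"));
    return 0;
}
```

Without the bail_armed check, the direct parse_context("x") call would pass the zero-filled global to longjmp(), which is undefined behavior and typically ends in the kind of crash quoted in the report.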