Vulnerability Development mailing list archives
Re: [DER ADV#8] - Local off by one in CVSD
From: Tollef Fog Heen <tollef () add no>
Date: 25 May 2002 22:30:05 +0200
* "david evlis reign" | Local off by one overflow in CVSD. There is no such thing as cvsd. It's called cvs in both server and client mode. [...] | in cvs-1.11/src/rcs.c: cvs-1.11 is ancient. cvs-1.11.2 is the current version, and it's fixed there. (It was fixed between .1p1 and .2.) | vendor notification: nope. uhm, why not? If you think there is a security hole in a product you should absolutely notify the vendor. -- Tollef Fog Heen ,''`. UNIX is user friendly, it's just picky about who its friends are : :' : `. `' `-
Current thread:
- [DER ADV#8] - Local off by one in CVSD david evlis reign (May 25)
- Re: [DER ADV#8] - Local off by one in CVSD Larry Jones (May 26)
- Re: [DER ADV#8] - Local off by one in CVSD Tollef Fog Heen (May 27)