[cvsnt] Re: Security issue with cvs server?
Tony Hoyle
tmh at nodomain.org
Wed Jan 22 11:45:20 GMT 2003
On Wed, 22 Jan 2003 11:54:34 +0100, "Koen" <no at ssppaamm.com> wrote:
>Does anyone know if this is an issue for cvsnt or not?
>And if it is fixed, from what version?
>
There's a fix in the pipeline (a proper fix that should stop it
happening in the future, too). I'm a bit cheesed off that the news
was deliberately kept quiet and nobody was told... apparently they
knew about it a fortnight ago, and decided not to tell anyone. As it
happens, I finally got the details from Slashdot of all places.

AFAIK it would be almost impossible to exploit this kind of thing
anyway - there's a bit of overhyping going on somewhere (the risk is
entirely theoretical - unlike buffer overruns which have been
exploited in the past, there's no record of anyone ever making a
double free do anything other than crash).

Tony