|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Thor Lancelot Simon (tls_at_rek.tjls.com)
Date: Tue Jan 21 2003 - 06:37:19 CST
On Tue, Jan 21, 2003 at 09:36:37AM +1100, Daniel Carosone wrote:
> On Mon, Jan 20, 2003 at 10:58:02PM +0100, hypno
sajberbettan.kennelsonline.net wrote:
> >
> > http://security.e-matters.de/advisories/012003.html
> >
> > NetBSD CVS servers secure?
>
> Yes. We were advised of the issue ahead of release and our servers
> were patched, as were the in-tree sources. The construction of
> our anoncvs servers is such that they wouldn't have been vulnerable
> to any useful exploit anyway.
Just to be clear about this, you really have to work at it to make your
anoncvs server vulnerable to this problem; your repository sources or
system binaries must be owned by the user the anoncvs server runs as.
Our anoncvs server has never been configured that way. I have real
trouble understanding how anyone else could so configure theirs; it
seems grossly irresponsible.
Thor
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]