NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2002-q2

From: Tollef Fog Heen (tollefadd.no)
Date: Sat May 25 2002 - 15:30:05 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* "david evlis reign"

| Local off by one overflow in CVSD.

There is no such thing as cvsd. It's called cvs in both server and
client mode.

[...]

| in cvs-1.11/src/rcs.c:

cvs-1.11 is ancient. cvs-1.11.2 is the current version, and it's
fixed there. (It was fixed between .1p1 and .2.)

| vendor notification: nope.

uhm, why not? If you think there is a security hole in a product you
should absolutely notify the vendor.

-- 
Tollef Fog Heen                                                        ,''`.
UNIX is user friendly, it's just picky about who its friends are      : :' :
                                                                      `. `' 
                                                                        `-

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]