
Re: vuln needs investigation and need a new form



On Mon, Jan 12, 2004 at 08:45:47AM -0800, Jesse Keating wrote:
> So, I just saw this morning that RH issued an update for CVS, and in the 
> information there was this line:
> 
> A flaw was found in versions of CVS prior to 1.11.10 where a malformed
> module request could cause the CVS server to attempt to create files or
> directories at the root level of the file system.  However, normal file
> system permissions would prevent the creation of these misplaced
> directories.  The Common Vulnerabilities and Exposures project
> (cve.mitre.org) has assigned the name CAN-2003-0977 to this issue.
> 
> Since RHL 8/7.x presumably have a CVS version that is prior to 1.11.10, 
> we need to investigate and possibly backport the fix.  Any volunteers?
> 

Seth posted a src.rpm to the list a week or so ago for cvs to fix a more
serious root exploit vuln.  I was in the process of verifying it to
submit to the bugzilla, so I can check this out as well and patch it in.

-j
