From alex@vaio.alexdupre.com  Fri May 31 01:41:34 2002
Return-Path: <alex@vaio.alexdupre.com>
Received: from vaio.alexdupre.com (212-41-211-209.adsl.galactica.it [212.41.211.209])
	by hub.freebsd.org (Postfix) with ESMTP id 1814E37B405
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 31 May 2002 01:41:28 -0700 (PDT)
Received: from vaio.alexdupre.com (localhost [127.0.0.1])
	by vaio.alexdupre.com (8.12.2/8.12.2) with ESMTP id g4V8tApH000309
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 31 May 2002 10:55:10 +0200 (CEST)
	(envelope-from alex@vaio.alexdupre.com)
Received: (from alex@localhost)
	by vaio.alexdupre.com (8.12.2/8.12.2/Submit) id g4V8t9hK000308;
	Fri, 31 May 2002 10:55:09 +0200 (CEST)
Message-Id: <200205310855.g4V8t9hK000308@vaio.alexdupre.com>
Date: Fri, 31 May 2002 10:55:09 +0200 (CEST)
From: Alex Dupre <sysadmin@alexdupre.com>
Reply-To: Alex Dupre <sysadmin@alexdupre.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: CVS Daemon Vulnerability in 1.11.1p1
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         38765
>Category:       bin
>Synopsis:       CVS Daemon Vulnerability in 1.11.1p1
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    peter
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 31 01:50:01 PDT 2002
>Closed-Date:    Thu Jan 22 15:21:03 PST 2004
>Last-Modified:  Thu Jan 22 15:21:03 PST 2004
>Originator:     Alex Dupre
>Release:        FreeBSD 4.5-ALEXDUPRE i386
>Organization:
>Environment:
System: FreeBSD vaio.alexdupre.com 4.5-ALEXDUPRE FreeBSD 4.5-ALEXDUPRE #0: Fri Apr 12 14:12:57 CEST 2002 alex@vaio.alexdupre.com:/usr/obj/usr/src/sys/VAIO i386


	
>Description:
Due to a boundary condition error, it may be possible for a local attacker
to execute arbitrary code. The rcs.c file contains an off-by-one error that
could result in an attacker overwriting portions of stack memory, and
executing arbitrary code.
	
>How-To-Repeat:
	
>Fix:
Download cvs-1.11.2 from:
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&dlID=115
and import it into src/contrib/cvs following FREEBSD-upgrade instructions.
	


>Release-Note:
>Audit-Trail:

From: Makoto Matsushita <matusita@jp.FreeBSD.org>
To: Alex Dupre <sysadmin@alexdupre.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/38765: CVS Daemon Vulnerability in 1.11.1p1
Date: Sat, 01 Jun 2002 00:48:05 +0900

 sysadmin> Due to a boundary condition error, it may be possible for a
 sysadmin> local attacker to execute arbitrary code. The rcs.c file
 sysadmin> contains an off-by-one error that could result in an
 sysadmin> attacker overwriting portions of stack memory, and executing
 sysadmin> arbitrary code.
 
 Is this bug fixed *really* in cvs-1.11.2?  How did you confirm that?
 
 According to http://ccvs.cvshome.org/source/browse/ccvs/src/rcs.c, rev
 1.259 is the fix.  However, this change occurred *after* 1.11.2 was
 released.  And, cvs-1.11.1 doesn't have this code.  Sorry if I'm wrong.
 
 -- -
 Makoto `MAR' Matsushita

From: Alex Dupre <sysadmin@alexdupre.com>
To: Makoto Matsushita <matusita@jp.FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/38765: CVS Daemon Vulnerability in 1.11.1p1
Date: Fri, 31 May 2002 18:15:49 +0200

 Makoto Matsushita wrote:
 > Is this bug fixed *really* in cvs-1.11.2?  How did you confirm that?
 > 
 > According to http://ccvs.cvshome.org/source/browse/ccvs/src/rcs.c, rev
 > 1.259 is the fix.  However, this change occurred *after* 1.11.2 was
 > released.  And, cvs-1.11.1 doesn't have this code.  Sorry if I'm wrong.
 
 Nope, you are right. I thought it was fixed in 1.11.2, as reported by 
 securityfocus (http://online.securityfocus.com/bid/4829/solution/). But the 
 truth is that it's been fixed later, after the release. So it's not enough 
 to update to the latest release.
 
 -- 
 Alex Dupre                             sysadmin@alexdupre.com
 http://www.alexdupre.com/              alex@sm.FreeBSD.org
 

From: Makoto Matsushita <matusita@jp.FreeBSD.org>
To: sysadmin@alexdupre.com
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/38765: CVS Daemon Vulnerability in 1.11.1p1
Date: Sat, 01 Jun 2002 01:30:51 +0900

 sysadmin> Nope, you are right. I thought it was fixed in 1.11.2, as
 sysadmin> reported by securityfocus
 sysadmin> (http://online.securityfocus.com/bid/4829/solution/).
 
 Ya, this report says other points, my assumption is not correct.
 
 <URL:http://online.securityfocus.com/archive/1/274281> shows the
 correct information.  This problem is fixed in src/rcs.c rev 1.252,
 which is between cvs-1.11.1 and cvs-1.11.2; FreeBSD's cvs has this bug.
 
 -- -
 Makoto `MAR' Matsushita
Responsible-Changed-From-To: freebsd-bugs->peter 
Responsible-Changed-By: johan 
Responsible-Changed-When: Tue Aug 20 11:33:42 PDT 2002 
Responsible-Changed-Why:  
Over to cvs maintainer. 

Peter, does our cvs version have this problem 
and is this a good reason to upgrade cvs to  
the latest release? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=38765 

From: Alex Dupre <alex@vaio.alexdupre.com>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/38765: CVS Daemon Vulnerability in 1.11.1p1
Date: Wed, 19 Feb 2003 12:34:19 +0100 (CET)

 Close this obsolete PR, please.
 
 -- 
 Alex Dupre                             sysadmin@alexdupre.com
 http://www.alexdupre.com/              alex@sm.FreeBSD.org

From: Alex Dupre <sysadmin@alexdupre.com>
To: freebsd-gnats-submit@FreeBSD.org, peter@FreeBSD.org
Cc:  
Subject: Re: bin/38765: CVS Daemon Vulnerability in 1.11.1p1
Date: Sun, 3 Aug 2003 00:37:53 +0200

 Still waiting to be closed :)
 
 -- 
 Alex Dupre                             sysadmin@alexdupre.com
 http://www.alexdupre.com/              alex@sm.FreeBSD.org
 
 Today's excuse: Change your language to Finnish.
 
 
State-Changed-From-To: open->closed 
State-Changed-By: ale 
State-Changed-When: Thu Jan 22 15:18:51 PST 2004 
State-Changed-Why:  
Obsolete PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=38765 
>Unformatted:
