| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Apr 2003 12:25:31 -0700
From: Immunix Security Team <security@...ex.com>
To: bugtraq@...urityfocus.com, immunix-announce@...unix.org,
linsec@...ts.seifried.org
Subject: Immunix Secured OS 7+ cvs update
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: cvs
Affected products: ImmunixOS 7.0, 7+
Bugs fixed: CAN-2003-0015
Date: Wed Apr 2 2003
Advisory ID: IMNX-2003-7+-004-01
Author: Seth Arnold <sarnold@...ex.com>
-----------------------------------------------------------------------
Description:
Stefan Esser discovered a double free() bug in CVS that can be
remotely exploited by anonymous users to gain write access to the CVS
repository. This write access can be converted into execute access
using the CVS protocol commands "Checkin-prog" and "Update-prog".
Igor Dobrovitski: "The impact of a successful exploitation is not
that great: an unprivileged access to the system, where your calls to
getuid() will return a number that's far from 0 (cvs drops provileges,
and does it right)."
We did not disable the Checkin-prog and Update-prog protocol commands;
be aware that granting CVS write access is tantamount to also giving
execute access on the repository.
References: http://security.e-matters.de/advisories/012003.html
http://www.securityfocus.com/archive/1/309913/2003-02-01/2003-02-04/0
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/cvs-1.11.1p1-4_imnx_2.i386.rpm
Immunix OS 7+ md5sums:
543c97b146ef652d2a8497e83822ffc2 cvs-1.11.1p1-4_imnx_2.i386.rpm
GPG verification:
Our public key is available at <http://wirex.com/security/GPG_KEY>.
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security@...ex.com. WireX
attempts to conform to the RFP vulnerability disclosure protocol
<http://www.wiretrip.net/rfp/policy.html>.
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists