Bugtraq mailing list archives

Re: CVS DoS

From: kris () FREEBSD ORG (Kris Kennaway)
Date: Mon, 24 Apr 2000 15:17:27 -0700


On Mon, 24 Apr 2000, Kris Kennaway wrote:

of the filesystem used by CVS to maintain its lock state. It's also not
quite as serious as it might first sound, because anyone who can
legitimately connect to the CVS server remotely via CVS can cause a lock
to be taken out over any part of the repository, with the same effect.


Sorry, but on further thought I don't think this is true. Locks are only
acquired for CVS write operations, not read operations.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>

Current thread:

Re: freebsd libncurses overflow, (continued)
- - - Re: freebsd libncurses overflow Przemyslaw Frasunek (Apr 25)
    - Re: freebsd libncurses overflow Bill Fumerola (Apr 24)
    - Re: freebsd libncurses overflow Theo de Raadt (Apr 26)
    - Denial of Service Against pcAnywhere. Vacuum (Apr 25)
  - Re: IE 5 security vulnerablity - circumventing Cross-framesecurity policy using Java/JavaScript (and disabling ActiveScripting is not that easy) Georgi Guninski (Apr 24)
  - Hotmail security hole - injecting JavaScript in IE using "@import url(http://host/hostile.css)" Georgi Guninski (Apr 24)
- ZoneAlarm Wally Whacker (Apr 20)
  - Re: ZoneAlarm Gary Buckmaster (Apr 22)
  - CVS DoS Michal Szymanski (Apr 23)
    - Re: CVS DoS Kris Kennaway (Apr 24)
    - Re: CVS DoS Kris Kennaway (Apr 24)
    - finding Meeting Maker passwords using tcpdump mhpower () MIT EDU (Apr 24)
    - ZoneAlarm Vulnerability Alfred Huger (Apr 25)
    - Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Laurent LEVIER (Apr 25)
    - Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Casper Dik (Apr 26)
    - Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Dimitri Avgoustakis (Apr 26)
    - Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Theodor R. Gislason (Apr 26)
    - SECURITY: UPDATED - RHSA-2000:014 New Piranha release available Cristian Gafton (Apr 26)
  - gpm-root initgroups() Koblinger Egmont (Apr 23)
  - Postgresql cleartext password storage Robert van der Meulen (Apr 23)
    - Re: Postgresql cleartext password storage Alexandru Popa (Apr 24)

(Thread continues...)