Dailydave mailing list archives
Re: Anonymized posting.
From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 23 May 2004 21:17:29 +0200
* Dave Aitel forwarded something:
http://packetstormsecurity.org/0405-exploits/cvs_solaris_HEAP.c
These obviously were not written post-publication of CAN-2004-0396. They were in fact written prior to the publication of CAN-2003-0015.
In the Solaris exploit, the date and Solaris versions are inconsistent.

But even after this bug, most pserver sites won't migrate away from it. Some already have, after break-ins which couldn't be properly explained. Of course, this doesn't help much if there are other bugs in the CVS code.

GNU arch uses existing file servers (HTTP or FTP), but is distinctly different from CVS (and has some usability issues). Subversion, the next-generation CVS replacement, comes with a very complex server.

--
Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: bigpond.com, di-ve.com, hotmail.com, jumpy.it, libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com, tatanova.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com.