Hey,
There is a pretty old CVS client-side vulnerability, originally mentioned here: http://www.mail-archive.com/bug-cvs%40gnu.org/msg00385.html. Actually, this message mentions two vulnerabilities: one of them is server-side, and the other is client-side. While the first one is pretty questionable, as it can be exploited only by "trusted" users with write privileges, the other one is pretty nasty, especially for people who use anonymous CVS - if the server is compromised or communication is spoofed, the attacker can effectively compromise the client system.

There was a lengthy discussion on bug-cvs back then on the first issue, but the second issue went unnoticed. My question is, was it ever addressed? I can't find any references to it in ChangeLog or in any other places. If not, what was the reason? The fix wouldn't be very difficult to implement and should not break any functionality, while protecting client systems when sources are downloaded from a hostile system.

PS. I'm not a bug-cvs subscriber, Cc: would be greatly appreciated.

--
_____________________________________________________
Michal Zalewski [[EMAIL PROTECTED]] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/
