[EMAIL PROTECTED] writes: > > on login failures, lines like the following appear in the syslog: > cvs: login failure by tom / °^F^W@°^F^W@^P (for /home/cvs) > it should be obvious that the part behind the / is not any actual data, so it > most likely is grabbing into a wrong memory area there. > if the data that should be there is remotely-supplied (password? servername?) > it may be possible to exploit this.
It's the right memory area, but it's already been free'ed. I can't imagine any way to exploit it. It's fixed (over a year ago) in CVS 1.11.2, which you can get from www.cvshome.org. -Larry Jones These pictures will remind us of more than we want to remember. -- Calvin's Mom _______________________________________________ Bug-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-cvs