The part behind the '/' is the descrambled password. I don't think that this is a memory or buffer overflow problem.
doanld On Wed, Jul 10, 2002 at 09:42:09PM +0200, [EMAIL PROTECTED] wrote: > > >Submitter-Id: net > >Originator: Tom Vogt > >Organization: > net > >Confidential: no > >Synopsis: memory bug / potential buffer overflow problem > >Severity: non-critical > >Priority: medium > >Category: cvs > >Class: sw-bug > >Release: 1.11.1p1 > >Environment: > > System: Linux nox.lemuria.org 2.4.17 #1 Fri May 3 11:38:12 CEST 2002 i686 unknown > Architecture: i686 > > >Description: > on login failures, lines like the following appear in the syslog: > cvs: login failure by tom / °^F^W@°^F^W@^P (for /home/cvs) > it should be obvious that the part behind the / is not any actual data, so it > most likely is grabbing into a wrong memory area there. > if the data that should be there is remotely-supplied (password? servername?) > it may be possible to exploit this. > > >How-To-Repeat: > install cvs, use pserver, fail login > works everytime for me > > >Fix: > > > _______________________________________________ > Bug-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/bug-cvs _______________________________________________ Bug-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-cvs
