Contributed by jose on from the chunk-already-free dept.
"006: SECURITY FIX: January 20, 2003 A double free in cvs(1) could allow an attacker to execute code with the privileges of the user running CVS. This is only an issue when the cvs command is being run on a user's behalf as a different user. This means that, in most cases, the issue only exists for CVS configurations that use the pserver client/server connection method. A source code patch exists which remedies the problem."
The original advisory states the problem quite clearly, and this morning I noticed that patch006 is available which fixes the problem. Instructions on how to apply the patch and rebuild your cvs(1) installation are included in the patch.
By Anonymous Coward () on
(now where are the trolls who used to say that OpenBSD's patches are slow...)
By Anonymous Coward () on
http://www.deadly.org/commentShow.php3?sid=20021105015933&pid=462
Re: Patches
by Miod Vallat (miod@openbsd.org) on Wednesday, November 06 @11:14AM
A patch for the various httpd problems is in the works. Please be patient.
Don't think that this is fast.
By jose () on http://monkey.org/~jose/
From: Todd C. Miller
To: security-announce@openbsd.org
Subject: patch for cvs security issue available
There is a double free in cvs that could allow an attacker to execute
code with the privileges of the user running cvs. This is only an
issue when the cvs command is being run on a user's behalf as a
different user. This means that, in most cases, the issue only
exists for cvs configurations that use the "pserver" client/server
connection method. If you use cvs via ssh then there is no privilege
to escalate.
OpenBSD anoncvs mirrors should not be affected by this since cvs
is run in a chrooted environment where the anoncvs user does not
have write permission.
Credit goes to Stefan Esser for finding this issue.
Patch for OpenBSD 3.2:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/006_cvs.patch
Patch for OpenBSD 3.1:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/020_cvs.patch
The 3.2-stable branch has been updated with the patch and the
3.1-stable branch will be updated shortly.
- todd
By Michael van der Westhuizen () on
If you don't like the way OpenBSD works, don't use it.
If you're too lame to run -stable or maintain your own set of binary patches, don't use OpenBSD.
If you're _that_ worried about arbitrary fixes not having patches released (lynx CR/LF, httpd cross site scripting etc.), create the patches yourself. It's all there, it's all in CVS.
Most of the time the fixes released probably don't affect you at all anyway - you need to evaluate that yourself based on how you use OpenBSD.
Rather than moan all the time you could try to contribute code... or maybe buy a CD... or maybe make a donation - if you do none of these, then STFU.
By mra () on
Does anyone know how a double free() is exploitable? I'm not trying to create an exploit for this issue, I'm just trying to understand how a running program can be hijacked by trying to free() a chunk of memory twice.
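An added illustration, not part of the thread or of the cvs source: a toy free-list allocator in C showing why a double free is dangerous (the allocator ends up handing the same chunk to two callers, so their data overlaps) and how a check at free time catches it. The allocator, its function names and the in_use flag are constructed for this example; real allocators keep different metadata.

```c
#include <stdio.h>

/* Toy fixed-size allocator, constructed for illustration (not cvs or libc code).
 * Free chunks sit on a LIFO list threaded through the chunks themselves. */
#define NCHUNKS 4
typedef struct chunk { struct chunk *next; int in_use; char data[32]; } chunk;
static chunk pool[NCHUNKS], *free_list;

void toy_init(void) {
    free_list = NULL;
    for (int i = NCHUNKS - 1; i >= 0; i--) {
        pool[i].in_use = 0;
        pool[i].next = free_list;
        free_list = &pool[i];
    }
}

chunk *toy_alloc(void) {
    chunk *c = free_list;
    if (c == NULL) return NULL;
    free_list = c->next;
    c->in_use = 1;
    return c;
}

/* Unchecked free: pushes the chunk without asking whether it is already free. */
void toy_free_unchecked(chunk *c) { c->next = free_list; free_list = c; c->in_use = 0; }

/* Checked free: rejects a chunk that is not currently allocated (-1 = double free). */
int toy_free_checked(chunk *c) {
    if (!c->in_use) return -1;
    toy_free_unchecked(c);
    return 0;
}

/* Frees one chunk twice, then allocates twice; returns 1 if both allocations are the same chunk. */
int allocations_alias(int checked) {
    toy_init();
    chunk *a = toy_alloc();
    for (int i = 0; i < 2; i++)
        if (checked) toy_free_checked(a); else toy_free_unchecked(a);
    chunk *x = toy_alloc(), *y = toy_alloc();
    return x == y;
}

int main(void) {
    printf("alias after double free: unchecked=%d checked=%d\n", allocations_alias(0), allocations_alias(1));
    return 0;
}
```

With the unchecked free, the second free makes the chunk point at itself on the free list, so it is returned by every later allocation; the checked free leaves the list intact.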
By Anonymous Coward () on