Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - CVS: buffer overflow via proxy_connect

February 2012 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

When the CVS client uses a malicious HTTP proxy, it can generate
an overflow in the client, in order to stop it, or to execute code.

Severity: 2/4

Creation date: 09/02/2012

IMPACTED PRODUCTS

 CVS
 Debian Linux
 Fedora
 Red Hat Enterprise Linux

DESCRIPTION OF THE VULNERABILITY

The CVS client can be configured to use an HTTP proxy, in order to
connect to a remote CVS server.

The proxy_connect() function of the src/client.c file analyzes the
HTTP reply of the proxy, which is for example:
HTTP/1.0 200 OK
[...]
In order to do so, it calls the sscanf() function, to split the
reply as the "HTTP/1.0" string followed by the error code (200 in
the example).

However, if the string before the error code is too long, a buffer
overflow occurs.

When the CVS client uses a malicious HTTP proxy, it can therefore
generate an overflow in the client, in order to stop it, or to
execute code.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/CVS-buffer-overflow-via-proxy-connect-11349


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts