* Vince Vielhaber <vev@michvhf.com> [000925 11:55] wrote:
> On Mon, 25 Sep 2000, Alfred Perlstein wrote:
>
> > * Vince Vielhaber <vev@hub.org> [000925 07:50] wrote:
> > > Update of /home/projects/pgsql/cvsroot/www/html/devel-corner
> > > In directory hub.org:/home/projects/pgsql/developers/vev/www/html/devel-corner
> > >
> > > Modified Files:
> > > index.html
> > > Log Message:
> > >
> > > Updated cvsweb
> >
> > I haven't checked, but you guys are aware of the cvsweb vulnerability
> > that was posted a couple of weeks ago right?
>
> I missed that one. Do you recall any details?
It's on security focus:

Cvsweb 1.80 makes an insecure call to the perl OPEN function, providing
attackers with write access to a cvs repository the ability to execute
arbitrary commands on the host machine. The code that is being exploited
here is the following:

    open($fh, "rlog '$filenames' 2>/dev/null |")
Do you guys have a private developers' list that doesn't get broadcast
back out that I can use if anything like this pops up in the future?
Actually, now that I've looked at it, you guys seem to be using 1.93,
a bit newer than the vulnerable version.
Sorry for the scare but you may want to double check.
--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
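The open() call quoted in the advisory, beside the shell-free form a maintainer would use instead. This is an added example, not cvsweb's own code; rlog_direct and its path check are an assumed replacement, not something the thread describes.

```perl
#!/usr/bin/perl
# Added example (not cvsweb's code): the two-argument pipe open quoted in
# the advisory, beside a list-form open that never hands the name to a shell.
use strict;
use warnings;

# Vulnerable pattern from the advisory: the filename is interpolated into a
# command string that /bin/sh parses, so a repository file whose name
# contains shell metacharacters is executed as shell syntax, not passed
# as an rlog argument.
sub rlog_via_shell {
    my ($filename) = @_;
    open(my $fh, "rlog '$filename' 2>/dev/null |")
        or die "cannot run rlog: $!";
    my @out = <$fh>;
    close($fh);
    return \@out;
}

# Hardened form (assumed replacement): with four or more arguments, Perl's
# pipe open forks and execs rlog directly and passes $filename as one argv
# element, so no shell ever sees it. The name is also checked against the
# shape of an RCS file path before anything is executed; the "2>/dev/null"
# redirect is gone because there is no shell to apply it.
sub rlog_direct {
    my ($filename) = @_;
    die "refusing path: $filename\n"
        if $filename =~ m{(^|/)\.\.(/|$)}        # no directory traversal
        || $filename !~ m{^\w[\w./-]*,v$};       # must look like foo,v
    open(my $fh, '-|', 'rlog', $filename)
        or die "cannot run rlog: $!";
    my @out = <$fh>;
    close($fh);
    return \@out;
}

# Example use on a constructed repository path (no real repository assumed).
if (!caller) {
    my $lines = rlog_direct('src/main.c,v');
    print @$lines;
}
```

The check in rlog_direct is deliberately strict; a deployment would widen it only to the characters its own repository paths actually use.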