Bugtraq: Re: CVS DoS

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: CVS DoS

From: kris () FREEBSD ORG (Kris Kennaway)
Date: Mon, 24 Apr 2000 15:17:27 -0700


On Mon, 24 Apr 2000, Kris Kennaway wrote:

of the filesystem used by CVS to maintain its lock state. It's also not
quite as serious as it might first sound, because anyone who can
legitimately connect to the CVS server remotely via CVS can cause a lock
to be taken out over any part of the repository, with the same effect.


Sorry, but on further thought I don't think this is true. Locks are only
acquired for CVS write operations, not read operations.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>

By Date By Thread

Current thread:

Hotmail security hole - injecting JavaScript in IE using "@import url(http://host/hostile.css)", (continued)
- ZoneAlarm Wally Whacker (Apr 20)
  - Re: ZoneAlarm Gary Buckmaster (Apr 22)
  - CVS DoS Michal Szymanski (Apr 23)
    - Re: CVS DoS Kris Kennaway (Apr 24)
    - Re: CVS DoS Kris Kennaway (Apr 24)
    - finding Meeting Maker passwords using tcpdump mhpower () MIT EDU (Apr 24)
    - ZoneAlarm Vulnerability Alfred Huger (Apr 25)
    - Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Laurent LEVIER (Apr 25)
    - Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Casper Dik (Apr 26)
    - Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Dimitri Avgoustakis (Apr 26)