CVS Daemon RCS Off By One Local Buffer Overflow Vulnerability

CVS Daemon RCS Off By One Local Buffer Overflow Vulnerability

CVS is the concurrent versioning system. CVS is a freely available, open source software development package for the Unix, Linux, and Microsoft Windows platforms.

Due to a boundry condition error, it may be possible for a local attacker to execute arbitrary code. The rcs.c file contains an off-by-one error that could result in an attacker overwriting portions of stack memory, and executing arbitrary code.