CVS Daemon RCS Off By One Local Buffer Overflow Vulnerability

CVS Daemon RCS Off By One Local Buffer Overflow Vulnerability

Solution:
SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below.

RedHat has released an advisory RHSA-2004:004-05 with fixes to address this and other issues. Please see the referenced advisory for more information.

SGI has released an advisory 20040103-01-U with fixes to address this and other issues. Please see the referenced advisory for more information.

Fixes available:

CVS CVS 1.11

Caldera cvs-1.11-8.i386.rpm
3.1.1 Server
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-035 .0/RPMS/cvs-1.11-8.i386.rpm

Caldera cvs-1.11-8.i386.rpm
3.1.1 Workstation
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-200 2-035.0/RPMS/cvs-1.11-8.i386.rpm

Caldera cvs-1.11-8.i386.rpm
3.1 Server
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-035.0 /RPMS/cvs-1.11-8.i386.rpm

Caldera cvs-1.11-8.i386.rpm
3.1 Workstation
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002- 035.0/RPMS/cvs-1.11-8.i386.rpm

CVS cvs-1.11.2.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=115

SGI ProPack 2.3

SGI patch10043.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/

SGI ProPack 2.4

SGI patch10044.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0044.tar.gz