remote cyrus exploits?
lst_hoe01 at kwsoft.de
lst_hoe01 at kwsoft.de
Tue Nov 23 04:13:21 EST 2004
Zitat von Derrick J Brashear <shadow at dementia.org>:
> On Mon, 22 Nov 2004, David Powicki wrote:
>
> >
> > What's the word on susceptibility of versions based on the remote
> > vulnerability documented at:
> >
> > http://security.e-matters.de/advisories/152004.html
> >
> > Are ALL versions of cyrus pre-2.2.9 vulnerable, including 2.1.X?
>
> If you read the report at the URL he summarizes which versions have which
> bugs. The PARTIAL and FETCH bugs are there earlier, including in 2.1.x.
> Both of these are "one byte memory corruption" ... "allows remote code
> execution, when the heap layout was successfully controlled by the
> attacker." Heap attacks are more difficult than the usual stack overflow
> attacks, but it would be smart to upgrade. The relevant portions of the
> patch between 2.2.8 and 2.2.9 can be applied (most likely by hand) to
> 2.1.x.
Have i got it right that only the first listed bug is exploitable without a
valid login??
Regards
Andreas
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list