Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Linux and FreeBSD version. Anonymously submitted.
cbba2ce54b3c6d2fab06e83029be065535aa55e80f9747949b5f4579b7f3ef21
Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw in deciding whether a CVS entry line should get a modified or unchanged flag attached. The flaw results in a heap overflow that can be exploited to execute arbitrary code on the CVS server, which could allow a repository compromise.
00c2f250dd0b9f331e85b739415381b86f0e2189bb6869f8fc74364b3f7c03d1