Issue 10838 - OpenOffice.org anoncvs should be patched ASAP against security flaw
Status: CLOSED FIXED
Alias: None
Product: Infrastructure
Classification: Infrastructure
Component: _openoffice.org CVS (obsolete)
Version: current
Hardware: Sun Solaris
Importance: P1 (highest) Trivial
Target Milestone: ---
Assignee: Unknown
QA Contact: issues@www
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-01-21 18:43 UTC by sander_traveling
Modified: 2003-12-06 14:52 UTC

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Description sander_traveling 2003-01-21 18:43:15 UTC
As reported in http://security.e-matters.de/advisories/012003.html, there is a
security flaw in cvs that allows an attacker to attain a user (including root!)
shell on a machine running a cvs server, including a read only anoncvs server.
The cvs software running on the OpenOffice.org anoncvs server should thus be
patched ASAP.
Comment 1 sander_traveling 2003-01-21 18:47:34 UTC
adding to CC: list
Comment 2 Unknown 2003-01-21 18:53:39 UTC
Action Plan:
1) File an internal issue (PCN) for our engineers to address this security flaw
2) update this issue when the engineers have updated the PCN

PCN 14272 filed, Step 1 complete
Comment 3 Unknown 2003-01-21 20:18:11 UTC
All the Sun machines were updated and patched on Jan 15th. Thanks for
your concerns.

Step 2 complete, closing issue
Comment 4 michael.bemmer 2003-03-24 08:21:23 UTC
As agreed by Louis I will close these resolved fixed support-owned issues now.
If you have trouble with that, please re-open the issue.
Comment 5 michael.bemmer 2003-03-24 08:25:43 UTC
As agreed by Louis I will close these resolved fixed support-owned issues now.
If you have trouble with that, please re-open the issue.