FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

monotone -- remote denial of service in default setup

Affected packages
monotone < 0.48.1

Details

VuXML ID c9a6ae4a-df8b-11df-9573-00262d5ed8ee
Discovery 2010-10-21
Entry 2010-10-24

The monotone developers report:

Running "mtn ''" or "mtn ls ''" doesn't cause an internal error anymore. In monotone 0.48 and earlier this behavior could be used to crash a server remotely (but only if it was configured to allow execution of remote commands).

References

FreeBSD PR ports/151665
URL http://www.monotone.ca/NEWS
URL http://www.thomaskeller.biz/blog/2010/10/22/monotone-0-48-1-released-please-update-your-servers/