2 matches found
cvs security problem
I found two security problems in cvs-1.10.8. 1 A committer can execute any binary in server using CVS/Checkin.prog or CVS/Update.prog. A committer can execute arbitrary binary on a cvs server using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when t...
CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution
CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution source: https://www.securityfocus.com/bid/1524/info A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is "checkout"ed and...