4 matches found
[SECURITY] [DSA 2108-1] New cvsnt package fixes arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------ Debian Security Advisory DSA-2108-1 [email protected] http://www.debian.org/security/ Sebastien Delafond Sep 14, 2010 http://www.debian.org/security/faq - -...
CVE-2010-1326
perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and...
CVE-2010-1326
CVE-2010-1326 affects CVSNT and related CVS Suite components from March Hare: versions 2.0.58, 2.5.01–2.5.03 (before builds 3736), 2.5.04 (before 2862), and CVS Suite 2008/2009 builds (before 3736/3729). The vulnerability allows remote attackers to bypass the permissions check, modify arbitrary m...
Debian DSA-2108-1 : cvsnt - programming error
It has been discovered that in cvsnt, a multi-platform version of the original source code versioning system CVS, an error in the authentication code allows a malicious, unprivileged user, through the use of a specially crafted branch name, to gain write access to any module or directory, includi...