4 matches found
UBUNTU-CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...
CVE-2017-8386: using the less command to bypass the git-shell limit-vulnerability warning-the black bar safety net
git-shell git remote session on the introduction of a ssh tunnel, is a restricted shell. Its the basic idea behind is, in the ssh session limit to be able to execute the command, so that it can only execute git needs the appropriate command. git needs to execute the command as follows:...
CVS Max-dotdot Protocol Command Integer Overflow - Ver2 (CVE-2004-0417)
Concurrent Versions System CVS is an open-source network-transparent version control system. CVS itself does not listen for, or accept network connections. To implement remote repository access, it can be installed as an inetd service, or invoked with the rsh/ssh command. Data between the server...
CVS DoS
Hi, I've just found annoying bug in cvs-1.10.7 probably others too. Let's assume you've decided to make your remote cvs repository available to several trusted people. Therefore you need to edit your /etc/inetd.conf file and add line similar to presented below: cvspserver stream tcp nowait root...