Lucene search
GoogleOSV:DSA-2108-1HistorySep 14, 2010 - 12:00 a.m.
cvsnt - arbitrary code execution
2010-09-1400:00:00
Google
osv.dev
10
0.063 Low
EPSS
Percentile
93.6%
It has been discovered that in cvsnt, a multi-platform version of the
original source code versioning system CVS, an error in the
authentication code allows a malicious, unprivileged user, through the
use of a specially crafted branch name, to gain write access to any
module or directory, including CVSROOT itself. The attacker can then
execute arbitrary code as root by modifying or adding administrative
scripts in that directory.
For the stable distribution (lenny), this problem has been fixed in
version 2.5.03.2382-3.3+lenny1.
We recommend that you upgrade your cvsnt package.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cvsnt | eq | 2.5.03.2382-3.3 |
References
Related
nessus
nessus
Debian DSA-2108-1 : cvsnt - programming error
2010-09-15 00:00:00
securityvulns
securityvulns
cvsnt unauthorized access
2010-09-17 00:00:00
[SECURITY] [DSA 2108-1] New cvsnt package fixes arbitrary code execution
2010-09-17 00:00:00
cve
cve
CVE-2010-1326
2022-10-03 16:21:01
openvas
openvas
Debian: Security Advisory (DSA-2108-1)
2010-10-10 00:00:00
Debian Security Advisory DSA 2108-1 (cvsnt)
2010-10-10 00:00:00
nvd
nvd
CVE-2010-1326
2010-09-15 18:00:03
debian
debian
[SECURITY] [DSA 2108-1] New cvsnt package fixes arbitrary code execution
2010-09-14 06:47:05
prion
prion
Design/Logic Flaw
2010-09-15 18:00:00
kaspersky
kaspersky
KLA10098 Vulnerability in CVSNT
2014-08-08 00:00:00
cvelist
cvelist
CVE-2010-1326
2022-10-03 16:21:01
ubuntucve
ubuntucve
CVE-2010-1326
2010-09-15 00:00:00