The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2000-09-21T04:00:00

Updated: 2024-08-08T05:28:40.711Z

Reserved: 2000-09-19T00:00:00

Link: CVE-2000-0680

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2000-10-20T04:00:00.000

Modified: 2024-11-20T23:33:03.103

Link: CVE-2000-0680

cve-icon Redhat

No data.