Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 14257 - Security Flaw in CVS - execute arbitrary code on server
Summary: Security Flaw in CVS - execute arbitrary code on server
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified (show other bugs)
Hardware: All All
: Highest critical (vote)
Assignee: Gentoo Security
URL: http://security.e-matters.de/advisori...
Whiteboard:
Keywords:
Depends on:
Blocks: 6424
  Show dependency tree
 
Reported: 2003-01-20 16:04 UTC by Bug Hunter
Modified: 2003-01-21 04:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Bug Hunter 2003-01-20 16:04:17 UTC 
From the advisory:

>Concurrent Versions System (CVS) is the dominant open-source version control
software that allows >developers to access the latest code using a network
connection. CVS version 1.11.4 and below contain >a flaw that can be used by a
remote attacker to execute arbitrary code on the server.
Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev 2003-01-21 04:39:11 UTC 
glsa sent