Users of New cvsnt package please be advised of fixes arbitrary code execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
DSA 2108-1: [DSA 2108-1] New cvsnt package fixes arbitrary code execution
It has been discovered that in cvsnt, a multi-platform version of the
original source code versioning system CVS, an error in the
authentication code allows a malicious, unprivileged user, through the
use of a specially crafted branch name, to gain write access to any
module or directory, including CVSROOT itself. The attacker can then
execute arbitrary code as root by modifying or adding administrative
scripts in that directory.
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/aGHRt4
No comments:
Post a Comment