CVE-2000-0680 — HIGH (7.2) — White Hats Nepal

Vulnerability Description

The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cvs	Cvs	1.10.8

References

http://www.securityfocus.com/bid/1524ExploitPatchVendor Advisory
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%ExploitVendor Advisory
http://www.securityfocus.com/bid/1524ExploitPatchVendor Advisory
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%ExploitVendor Advisory

FAQ

What is CVE-2000-0680?

CVE-2000-0680 is a vulnerability with a CVSS score of 7.2 (HIGH). The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with t...

How severe is CVE-2000-0680?

CVE-2000-0680 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2000-0680?

Check the references section above for vendor advisories and patch information. Affected products include: Cvs Cvs.