Vulnerabilities > CVE-2000-0680 - Unspecified vulnerability in CVS 1.10.8

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
cvs
exploit available

Summary

The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.

Vulnerable Configurations

Part Description Count
Application
Cvs
1

Exploit-Db

descriptionCVS Kit CVS Server 1.10 .8 Checkin.prog Binary Execution Vulnerability. CVE-2000-0680. Local exploit for unix platform
idEDB-ID:20108
last seen2016-02-02
modified2000-06-28
published2000-06-28
reporterTanaka Akira
sourcehttps://www.exploit-db.com/download/20108/
titleCVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution Vulnerability