Vulnerabilities > CVE-2000-0680 - Unspecified vulnerability in CVS 1.10.8

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cvs
exploit available

Summary

The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.

Vulnerable Configurations

Part Description Count
Application
Cvs
1

Exploit-Db

descriptionCVS Kit CVS Server 1.10 .8 Checkin.prog Binary Execution Vulnerability. CVE-2000-0680. Local exploit for unix platform
idEDB-ID:20108
last seen2016-02-02
modified2000-06-28
published2000-06-28
reporterTanaka Akira
sourcehttps://www.exploit-db.com/download/20108/
titleCVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution Vulnerability