[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-1326Date: (C)2010-09-15   (M)2023-12-22


perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-41345
SECUNIA-41358
ADV-2010-2350
DSA-2108
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884
http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view
http://march-hare.com/cvspro/vuln.htm

CPE    7
cpe:/a:march-hare:cvs_suite:2009:pre-release
cpe:/a:march-hare:cvsnt:2.5.01
cpe:/a:march-hare:cvsnt:2.5.02
cpe:/a:march-hare:cvsnt:2.0.58
...
CWE    1
CWE-264
OVAL    1
oval:org.secpod.oval:def:600129

© SecPod Technologies