VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-1326
cvs_suite, cvsnt: perms.cpp in March Hare Software CVSNT 2.0.58, 2.5....
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1326

Original

perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-09-15
Source Information Category:
Advisory, Alert
Last Updated:
2010-09-15




Affected Product Tags
cpe:/a:march-hare:cvs_suite:2.5.03
cpe:/a:march-hare:cvs_suite:2008
cpe:/a:march-hare:cvs_suite:2009:pre-release
cpe:/a:march-hare:cvsnt:2.0.58
cpe:/a:march-hare:cvsnt:2.5.01
cpe:/a:march-hare:cvsnt:2.5.02
cpe:/a:march-hare:cvsnt:2.5.03
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
CONFIRM http://march-hare.com/cvspro/vuln.htm




CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884




DEBIAN DSA-2108




MISC http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view




SECUNIA 41358




SECUNIA 41345




VUPEN ADV-2010-2350




Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)




Copyright © 2010 JPCERT/CC All Rights Reserved.