Debian Concurrent Versions System (CVS) remote repositories using "pserver" with the cvs-repouid Debian patch are vulnerable to authentication bypass.
CVS is a version control and source code maintenance system that is widely used by open-source software development projects.
The "pserver" is one method used to provide remote access to CVS repositories. Debian included a patch, referred to as the cvs-repouid patch, intended to improve security when the "pserver" remote access method is used.
Attackers could obtain unauthorized remote access to a CVS repository and modify its contents.
Apply the patch
Debian credits Maks Polunin and Alberto Garcia with independently discovering this issue. This vulnerability was reported in Debian advisory DSA-715-1.
This document was written by Robert Mead based on information from Debian.
| Date First Published: | 2005-05-05 |
| Date Last Updated: | 2005-05-11 14:27 UTC |