Vulnerability Note VU#327037
Debian CVS "pserver" remote access authentication bypass vulnerability
Debian Concurrent Versions System (CVS) remote repositories using "pserver" with the cvs-repouid Debian patch are vulnerable to authentication bypass.
CVS is a version control and source code maintenance system that is widely used by open-source software development projects.
The "pserver" is one method used to provide remote access to CVS repositories. Debian included a patch/enhancement, referred to as the cvs-repouid patch, to enhance security when using the "pserver" remote access method.
Attackers could obtain unauthorized remote access to a CVS repository and modify its contents.
Apply the patch
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Debian|Affected|-|29 Apr 2005|
Debian credits Maks Polunin and Alberto Garcia with independently discovering this issue. This vulnerability was reported in Debian advisory DSA-715-1.
This document was written by Robert Mead based on information from Debian.
- CVE IDs: CAN-2004-1342
- Date Public: 27 Apr 2005
- Date First Published: 05 May 2005
- Date Last Updated: 11 May 2005
- Severity Metric: 10.55
- Document Revision: 19