CVE-2000-0680

Name of the Vulnerable Software and Affected Versions CVS version 1.10.8

Description The issue allows remote CVS committers to create or modify Trojan horse programs by exploiting improper restrictions on creating arbitrary Checkin.prog or Update.prog programs. This can be achieved by performing a CVS commit action, potentially leading to malicious modifications.

Recommendations For CVS version 1.10.8, restrict access to the Checkin.prog and Update.prog programs to prevent unauthorized modifications, and consider implementing additional access controls to limit the actions of remote CVS committers.