PT-2010-1022 · March Hare · Cvsnt

Andreas Tscharner · Published 2010-09-15 · Updated 2011-08-12 · CVE-2010-1326

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

CVSNT versions 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, and 2.5.04 before build 2862
CVS Suite versions 2.5.03, 2008 before build 3736, and 2009 before build 3729

Description

The issue allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL. This is possibly related to incorrect inheritance. Multiple vulnerabilities in the cvsnt package for the Debian GNU/Linux operating system can be exploited remotely, leading to a violation of the confidentiality, integrity, and availability of protected information.

Recommendations

For CVSNT versions 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, and 2.5.04 before build 2862: update to build 3736 or later for 2.5.03, and to build 2862 or later for 2.5.04. For CVS Suite versions 2.5.03, 2008 before build 3736, and 2009 before build 3729: update to build 3736 or later for 2008, and to build 3729 or later for 2009. As a temporary workaround, restrict access to the CVSROOT directory to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

BDU:2015-02858
CVE-2010-1326
DSA-2108-1

Affected Products

Cvs Suite
Cvsnt
Debian