[cvsnt] Re: Recent cvs vulnerability.
Tony Hoyle
tmh at nodomain.org
Tue Jun 15 01:18:14 BST 2004
Jonathan Belson wrote:
> Hiya
>
>
> I notice that the cvshome.com recently got hit by a remote exploit, and
> I was wondering if cvsnt shared this vulnerability (I looked back through
> the mailing list archives but didn't see any references to it).
>
> This site implies that only pserver is affected:
>
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396
>
> but cvshome.com suggests that *any* remote protocol is vulnerable.
>
> My server uses sspi and has pserver disabled - do I have anything to worry
> about?
>
CVSNT has some extra checks that reduce the impact of such problems, but
as far as I can tell it isn't vulnerable anyway. I've tightened up some
of the checking in the development versions to specifically check for
someone trying something though.
Tony