Vulnerability Name:

CVE-2000-0680 (CCN-5019)

Assigned: 2000-07-28
Published: 2000-07-28
Updated: 2008-09-05
Summary: The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names and then perform a CVS commit action.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: BugTraq Mailing List, Fri Jul 28 2000 - 03:21:28 CDT
cvs security problem

Source: MITRE
Type: CNA
CVE-2000-0680

Source: CCN
Type: Concurrent Versions System (CVS)
CVS Home

Source: CCN
Type: OSVDB ID: 7408
CVS Checkin.prog/Update.prog Arbitrary Command Execution

Source: BID
Type: Exploit, Patch, Vendor Advisory
1524

Source: CCN
Type: BID-1524
CVS Checkin.prog Binary Execution Vulnerability

Source: BUGTRAQ
Type: Exploit, Vendor Advisory
20000728 cvs security problem

Source: XF
Type: UNKNOWN
cvs-checkin-execute-binary(5019)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:cvs:cvs:1.10.8:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cvs cvs 1.10.8