CVE-2010-1326

Publication date 15 September 2010

Last updated 24 July 2024

Ubuntu priority

perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cvsnt	11.10 oneiric	Not in release
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Ignored end of life
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
cvsnt	Upstream: http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view

References

Other references

https://www.cve.org/CVERecord?id=CVE-2010-1326