[cvsnt] Re: Recent cvs vulnerability.

Tony Hoyle tmh at nodomain.org
Tue Jun 15 01:18:14 BST 2004


Jonathan Belson wrote:

> Hiya
> 
> 
> I notice that the cvshome.com recently got hit by a remote exploit, and
> I was wondering if cvsnt shared this vulnerability (I looked back through
> the mailing list archives but didn't see any references to it).
> 
> This site implies that only pserver is affected:
> 
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396
> 
> but cvshome.com suggests that *any* remote protocol is vulnerable.
> 
> My server uses sspi and has pserver disabled - do I have anything to worry
> about?
>

CVSNT has some extra checks that reduce the impact of such problems, but 
as far as I can tell it isn't vulnerable anyway.  I've tightened up some 
of the checking in the development versions to specifically check for 
someone trying something though.

Tony



More information about the cvsnt mailing list