[cvsnt] Re: Recent cvs vulnerability.

Michael Kennedy [UB] mkennedy at REMOVETHIS.unitedbinary.com
Wed Jun 16 20:21:44 BST 2004


Hi Tony,

What is the lowest version number that contains the extra measures against
the security holes?

Thanks,
Michael

"Tony Hoyle" <tmh at nodomain.org> wrote in message
news:calc5n$cdn$2 at paris.nodomain.org...
> Jonathan Belson wrote:
>
> > Hiya
> >
> >
> > I notice that the cvshome.com recently got hit by a remote exploit, and
> > I was wondering if cvsnt shared this vulnerability (I looked back through
> > the mailing list archives but didn't see any references to it).
> >
> > This site implies that only pserver is affected:
> >
> > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396
> >
> > but cvshome.com suggests that *any* remote protocol is vulnerable.
> >
> > My server uses sspi and has pserver disabled - do I have anything to worry
> > about?
> >
>
> CVSNT has some extra checks that reduce the impact of such problems, but
> as far as I can tell it isn't vulnerable anyway.  I've tightened up some
> of the checking in the development versions to specifically check for
> someone trying something though.
>
> Tony




