[cvsnt] SECURITY BUG IN PSERVER

River river at ptt.yu
Mon Aug 11 07:51:44 BST 2003


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


I posted this some time ago for version 2.0.4. Now I installed 2.1.1 and
still the same bug

If I set up repository with pserver authentication, by using admin file,
passwd file and create 2 users, one that is administrator (river), and one
that is user (ruser) .

Next I can log on to server with administrator login (river) and I add one
new user foo using cvs passwd -a foo

Next I log of , and then log again using normal user password (ruser).

If I try to add new user I got error that only admins can add users, but IF
I TRY TO DELETE USER USING

 cvs passwd -X foo

I WILL BE ABLE TO DO IT.

Can somebody please help about this. Maby I'm wrong with my configuration,
but if so, please help me.




More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook