[cvsnt] Re: Recent cvs vulnerability.

Michael Kennedy [UB] mkennedy at REMOVETHIS.unitedbinary.com
Wed Jun 16 20:21:44 BST 2004


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


Hi Tony,

What is the lowest version number that contains the extra measures against
the security holes?

Thanks,
Michael

"Tony Hoyle" <tmh at nodomain.org> wrote in message
news:calc5n$cdn$2 at paris.nodomain.org...
> Jonathan Belson wrote:
>
> > Hiya
> >
> >
> > I notice that the cvshome.com recently got hit by a remote exploit, and
> > I was wondering if cvsnt shared this vulnerability (I looked back
through
> > the mailing list archives but didn't see any references to it).
> >
> > This site implies that only pserver is affected:
> >
> > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396
> >
> > but cvshome.com suggests that *any* remote protocol is vulnerable.
> >
> > My server uses sspi and has pserver disabled - do I have anything to
worry
> > about?
> >
>
> CVSNT has some extra checks that reduce the impact of such problems, but
> as far as I can tell it isn't vulnerable anyway.  I've tightened up some
> of the checking in the development versions to specifically check for
> someone trying something though.
>
> Tony





More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook