Description
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
Product(s):
- CVS CVS 1.10.6
- CVS CVS 1.10.7
- CVS CVS 1.10.8
- CVS CVS 1.10
- CVS CVS 1.11.10
- CVS CVS 1.11.11
- CVS CVS 1.11.14
- CVS CVS 1.11.15
- CVS CVS 1.11.16
- CVS CVS 1.11.1
- CVS CVS 1.11.1_p1
- CVS CVS 1.11.2
- CVS CVS 1.11.3
- CVS CVS 1.11.4
- CVS CVS 1.11.5
- CVS CVS 1.11.6
- CVS CVS 1.11
- CVS CVS 1.12
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1342, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1342 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.