CVE-2000-0680
First published: Thu Sep 21 2000(Updated: )
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Distrotech Cvs | =1.10.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2000-0680?
CVE-2000-0680 has a moderate severity level due to the potential for remote users to create malicious programs.
How do I fix CVE-2000-0680?
To fix CVE-2000-0680, upgrade the CVS server to a version beyond 1.10.8 where this vulnerability has been addressed.
What type of software is affected by CVE-2000-0680?
CVE-2000-0680 specifically affects CVS version 1.10.8.
What impact does CVE-2000-0680 have on my system?
CVE-2000-0680 allows unauthorized modification or creation of programs, potentially leading to malicious exploitation.
Can CVE-2000-0680 be exploited remotely?
Yes, CVE-2000-0680 can be exploited remotely by CVS committers who have access to the server.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/cvs
- product/cvs
- canonical/cvs cvs
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/distrotech cvs
- version/distrotech cvs/1.10.8