Originally Published: Saturday, 15 July 2000 Author: Alexander Reelsen
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

Mandrake Security Update - cvsweb

Cvsweb contains a hole that provides attackers who have write access to a cvs repository with shell access. Thus, attackers who have write access to a cvs repository but not shell access can obtain a shell.