icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

CVS pserver CVSROOT Passwd File Arbitrary Code Execution

High

Synopsis

An attacker may execute arbitrary commands on the remote system.

Description

The remote CVS server, according to its version number, might allow an attacker to execute arbitrary commands on the remote system as cvs does not drop root privileges properly.

Solution

Upgrade to most recent version of CVS.