Mandrake Linux Security Advisory : cvsweb (MDKSA-2000:019)
High Nessus Plugin ID 61817
Synopsis: The remote Mandrake Linux host is missing a security update.
Description: Cvsweb contains a hole that provides attackers who have write access to a cvs repository with shell access. Thus, attackers who have write access to a cvs repository but not shell access can obtain a shell. In addition, anyone with write access to a cvs repository that is viewable with cvsweb can get access to whatever user the cvsweb cgi script runs as (typically nobody or www-data, etc.). This update closes all of these possibly exploited pipe-opens.
Solution: Update the affected cvsweb package.