CVE-2010-1326 - Vulnerability Details - OpenCVE

perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
March-hare	Cvs Suite Cvsnt

Configuration 1 [-]

OR	cpe:2.3:a:march-hare:cvs_suite:2.5.03:::::::*
	cpe:2.3:a:march-hare:cvs_suite:2008:::::::*
	cpe:2.3:a:march-hare:cvs_suite:2009:pre-release::::::
	cpe:2.3:a:march-hare:cvsnt:2.0.58:::::::*
	cpe:2.3:a:march-hare:cvsnt:2.5.01:::::::*
	cpe:2.3:a:march-hare:cvsnt:2.5.02:::::::*
	cpe:2.3:a:march-hare:cvsnt:2.5.03:::::::*
	cpe:2.3:a:march-hare:cvsnt:2.5.04:::::::*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884
http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view
http://march-hare.com/cvspro/vuln.htm
http://secunia.com/advisories/41345
http://secunia.com/advisories/41358
http://www.debian.org/security/2010/dsa-2108
http://www.vupen.com/english/advisories/2010/2350

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-15T17:26:00Z

Updated: 2024-09-16T22:29:42.877Z

Reserved: 2010-04-08T00:00:00Z

Link: CVE-2010-1326

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-09-15T18:00:03.353

Modified: 2024-11-21T01:14:09.160

Link: CVE-2010-1326

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-09-15T17:26:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2010-2350", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2350"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884"}, {"name": "DSA-2108", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2108"}, {"name": "41358", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41358"}, {"name": "41345", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41345"}, {"tags": ["x_refsource_MISC"], "url": "http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://march-hare.com/cvspro/vuln.htm"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1326", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2010-2350", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2350"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884"}, {"name": "DSA-2108", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2108"}, {"name": "41358", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41358"}, {"name": "41345", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41345"}, {"name": "http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view", "refsource": "MISC", "url": "http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view"}, {"name": "http://march-hare.com/cvspro/vuln.htm", "refsource": "CONFIRM", "url": "http://march-hare.com/cvspro/vuln.htm"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:21:18.242Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2010-2350", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2350"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884"}, {"name": "DSA-2108", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2108"}, {"name": "41358", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41358"}, {"name": "41345", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41345"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://march-hare.com/cvspro/vuln.htm"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1326", "datePublished": "2010-09-15T17:26:00Z", "dateReserved": "2010-04-08T00:00:00Z", "dateUpdated": "2024-09-16T22:29:42.877Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:march-hare:cvs_suite:2.5.03:*:*:*:*:*:*:*", "matchCriteriaId": "1839DDE8-584F-40C4-A1DC-74D900EC0A3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:march-hare:cvs_suite:2008:*:*:*:*:*:*:*", "matchCriteriaId": "CB493730-75A0-4918-9B58-E7B388BC36A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:march-hare:cvs_suite:2009:pre-release:*:*:*:*:*:*", "matchCriteriaId": "153F0773-3470-4DE4-9FFA-6D99CB339AD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:march-hare:cvsnt:2.0.58:*:*:*:*:*:*:*", "matchCriteriaId": "7A8DC576-0745-4246-BBE1-5C1539D3B9AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:march-hare:cvsnt:2.5.01:*:*:*:*:*:*:*", "matchCriteriaId": "0AB51634-A1B3-48D9-97B6-596608B59891", "vulnerable": true}, {"criteria": "cpe:2.3:a:march-hare:cvsnt:2.5.02:*:*:*:*:*:*:*", "matchCriteriaId": "3AE04267-2249-4E12-A2E1-1C4D3B1F771D", "vulnerable": true}, {"criteria": "cpe:2.3:a:march-hare:cvsnt:2.5.03:*:*:*:*:*:*:*", "matchCriteriaId": "1736E671-6B48-4F02-BCBD-3B33694BF5EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:march-hare:cvsnt:2.5.04:*:*:*:*:*:*:*", "matchCriteriaId": "56882D83-1ACC-414E-B446-DA7F7ECB7E03", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance."}, {"lang": "es", "value": "perms.cpp en March Hare Software CVSNT v2.0.58, v2.5.01, v2.5.02, v2.5.03 anterior a build 3736, v2.5.04 anterior a build 2862; CVS Suite v2.5.03, 2008 anterior a build 3736, and 2009 anterior a 3729 permite a los atacantes remotos evitar la verificaci\u00f3n de permisos, modificar a su elecci\u00f3n m\u00f3dulos y directorios dentro de CVSROOT, y ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de un nombre de ramificaci\u00f3n ACL manipulada, posiblemente relacionadas con la herencia incorrecta."}], "id": "CVE-2010-1326", "lastModified": "2024-11-21T01:14:09.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-15T18:00:03.353", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884"}, {"source": "cve@mitre.org", "url": "http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://march-hare.com/cvspro/vuln.htm"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41345"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41358"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2108"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2350"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://march-hare.com/cvspro/vuln.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41345"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41358"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2350"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}