CVE-2000-0679

CVS 1.10.8 - Arbitrary File Creation via Server-Provided Pathnames

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0679. PoCs published by Tanaka Akira.

AI-analyzed exploit summary This exploit demonstrates a path traversal vulnerability in CVS clients where a malicious server can trick the client into creating files in arbitrary locations. The PoC uses a fake CVS server script to create a file in /tmp/foo by manipulating the server's responses.

Description

The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tanaka Akira · textlocalunix
https://www.exploit-db.com/exploits/20107

This exploit demonstrates a path traversal vulnerability in CVS clients where a malicious server can trick the client into creating files in arbitrary locations. The PoC uses a fake CVS server script to create a file in /tmp/foo by manipulating the server's responses.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: CVS client (versions prior to fix for CVE-2000-0679)
No auth needed
Prerequisites: Access to a vulnerable CVS client · Ability to control or spoof a CVS server response
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1523

Scores

EPSS 0.0072
EPSS Percentile 49.3%

Details

Status published
Products (1)
cvs/cvs 1.10.8
Published Oct 20, 2000
Tracked Since Feb 18, 2026