CVE-2000-0680
CVS 1.10.8 - Authenticated Arbitrary Program Creation via Checkin.prog or Update.prog
Exploitation Summary
EIP tracks 1 public exploit for CVE-2000-0680. PoCs published by Tanaka Akira.
AI-analyzed exploit summary: This exploit demonstrates how a malicious CVS committer can execute arbitrary binaries by modifying or creating a Checkin.prog file in the working directory. The attacker can add a binary file using 'cvs add -kb' and commit it, then trigger its execution via Checkin.prog during the commit process.
Description
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names and then perform a CVS commit action.