Debian CVS-Repouid Remote Authentication Bypass Vulnerability

Bugtraq ID:	13402
Class:	Access Validation Error
CVE:	CVE-2004-1342
Remote:	Yes
Local:	No
Published:	Apr 27 2005 12:00AM
Updated:	Jul 12 2009 02:06PM
Credit:	Maks Polunin and Alberto Garcia are credited with the discovery of this issue.
Vulnerable:	Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 Debian CVS 1.11.1 p1 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0
Not Vulnerable:

Debian CVS-Repouid Remote Authentication Bypass Vulnerability

A remote authentication bypass vulnerability affects Debian CVS. This issue is due to an error with Debian's CVS cvs-repouid patch.

A remote attacker may leverage this issue to bypass CVS authentication requirements and gain unauthorized access to a vulnerable repository.

Debian CVS-Repouid Remote Authentication Bypass Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Debian CVS-Repouid Remote Authentication Bypass Vulnerability

Solution:
Debian has released advisory DSA 715-1 along with fixes addressing this issue. Please see the referenced advisory for more information.

Debian CVS-Repouid Remote Authentication Bypass Vulnerability

References:

• cvs-repouid Home Page (cvs-repouid)
  
• Debian Homepage (Debian)