CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cvs | Cvs | * | 1.10 (including) |
Red Hat Enterprise Linux 3 | RedHat | cvs-0:1.11.2-18 | * |
Red Hat Linux 9 | RedHat | * | |
Cvs | Ubuntu | dapper | * |
Cvs | Ubuntu | devel | * |
Cvs | Ubuntu | edgy | * |
Cvs | Ubuntu | feisty | * |