Home > Vulnerability Database > CVE-2010-1326

Mend.io Vulnerability Database

CVE-2010-1326

Date: October 3, 2022

perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.

Severity Score

8.1

Related Resources (10)

Url: http://www.debian.org/security/2010/dsa-2108

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2010-1326

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-1326

Url: http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view

Url: http://www.vupen.com/english/advisories/2010/2350

Url: http://secunia.com/advisories/41358

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884

Url: http://march-hare.com/cvspro/vuln.htm

Url: http://secunia.com/advisories/41345

Url: https://www.mend.io/vulnerability-database/CVE-2010-1326

Severity Score

8.1

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-1326

Date: October 3, 2022

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?