Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Jonathan Belson wrote: > Hiya > > > I notice that the cvshome.com recently got hit by a remote exploit, and > I was wondering if cvsnt shared this vulnerability (I looked back through > the mailing list archives but didn't see any references to it). > > This site implies that only pserver is affected: > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396 > > but cvshome.com suggests that *any* remote protocol is vulnerable. > > My server uses sspi and has pserver disabled - do I have anything to worry > about? > CVSNT has some extra checks that reduce the impact of such problems, but as far as I can tell it isn't vulnerable anyway. I've tightened up some of the checking in the development versions to specifically check for someone trying something though. Tony