Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Hi Tony, What is the lowest version number that contains the extra measures against the security holes? Thanks, Michael "Tony Hoyle" <tmh at nodomain.org> wrote in message news:calc5n$cdn$2 at paris.nodomain.org... > Jonathan Belson wrote: > > > Hiya > > > > > > I notice that the cvshome.com recently got hit by a remote exploit, and > > I was wondering if cvsnt shared this vulnerability (I looked back through > > the mailing list archives but didn't see any references to it). > > > > This site implies that only pserver is affected: > > > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396 > > > > but cvshome.com suggests that *any* remote protocol is vulnerable. > > > > My server uses sspi and has pserver disabled - do I have anything to worry > > about? > > > > CVSNT has some extra checks that reduce the impact of such problems, but > as far as I can tell it isn't vulnerable anyway. I've tightened up some > of the checking in the development versions to specifically check for > someone trying something though. > > Tony