BitMover BitKeeper 3.0 - Daemon Mode Remote Command Execution
| EKU-ID: 27635 | CVE: | OSVDB-ID: |
| Author: Maurycy Prodeus | Published: 2003-01-11 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27635 | CVE: | OSVDB-ID: |
| Author: Maurycy Prodeus | Published: 2003-01-11 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/6588/info It has been reported that BitKeeper is vulnerable to an input validation bug. When the software is run in daemon mode, it starts a service with an interface that can be connected to via HTTP. By sending specially crafted input to the service, it is possible to execute abitrary commands. http://www.example.com:port/diffs/foo.c@%27;echo%20%3Eiwashere%27?nav=index.html|src/|hist/foo.c