CVE-2010-1326

Name: CVE-2010-1326
Creator: NVD / NIST
Published: 2010-09-15T18:00:03.353+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.15%

Last modified Jun 16, 2026

CVE-2010-1326 is a vulnerability of currently unknown severity. perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.. EPSS estimates a 5.15% chance of exploitation in the next 30 days.

Description

perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.

Metrics

EPSS Probability

5.15%

91.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions	Update
March-Hare	Cvs Suite	2.5.03	—
March-Hare	Cvs Suite	2008	—
March-Hare	Cvs Suite	2009	Pre-Release
March-Hare	Cvsnt	2.0.58	—
March-Hare	Cvsnt	2.5.01	—
March-Hare	Cvsnt	2.5.02	—
March-Hare	Cvsnt	2.5.03	—
March-Hare	Cvsnt	2.5.04	—

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884
http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view
http://march-hare.com/cvspro/vuln.htmVendor Advisory
http://secunia.com/advisories/41345Vendor Advisory
http://secunia.com/advisories/41358Vendor Advisory
http://www.debian.org/security/2010/dsa-2108
http://www.vupen.com/english/advisories/2010/2350Vendor Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593884
http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=1790&action=view
http://march-hare.com/cvspro/vuln.htmVendor Advisory
http://secunia.com/advisories/41345Vendor Advisory
http://secunia.com/advisories/41358Vendor Advisory
http://www.debian.org/security/2010/dsa-2108
http://www.vupen.com/english/advisories/2010/2350Vendor Advisory

Timeline

Published: Sep 15, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-1326?

How severe is CVE-2010-1326?

Severity scoring for CVE-2010-1326 is pending analysis. The EPSS model estimates a 5.15% probability of exploitation in the next 30 days.

How do I fix CVE-2010-1326?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-1326?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST