CVS Client Server-Instructed File Create Vulnerability

info
discussion
exploit
solution
references

CVS Client Server-Instructed File Create Vulnerability

The cvs client blindly trust paths returned to it by the server. Therefore, a cvs client could be tricked into creating a file anywhere on the system by a malicious server.