Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote Root Exploit in CVS

Posted by michael on from the checking-out dept.

RenHoek writes "Security expert Stefan Esser from E-matters discovered a bug in CVS version 1.11.4 and lower, that can give malignant users remote root access. The exploit was confirmed on BSD, but other OS's like Linux, Solaris and Windows are vulnerable too. A security advisory can be found here and there is also a patch available. CVS version 1.11.5 which is fixed can be downloaded as well."

10 of 209 comments (clear)

  1. Murphy's Law by swordboy · · Score: 2, Funny

    This kind of thing always seems to happen after I burn a new release of something.

    Sigh...

    --

    Life is the leading cause of death in America.
  2. Chicken and egg problem? by Gentoo+Fan · · Score: 5, Funny

    So if CVS is in CVS, maybe somebody rooted CVS's CVS to apply a patch to backdoor CVS, even with new CVS patches to CVS? ;)

  3. the great circle of software.life by poindextrose · · Score: 4, Funny

    ah yes, another representation of sofware's circle of life.

    exploit, patch, exploit, patch, exploit, patch.

    insert elton john music here

    --
    Karma: Raspberry Kiwi
  4. It's true by mao+che+minh · · Score: 4, Funny

    Yea, I used CVS to update my mplayer so I could watch some newer Windows Media files sent to be by some nice young woman at "Brintey_XXX_Hot_NAKED_ J-LO_CAUGHT_ACTION@hotmail.com". Shortly thereafter, I came back from the bathroom to discover that my desktop image was replaced by a big penis with the KDE gears for testicles, and I couldn't start any programs.

  5. Malignant users? by Dthoma · · Score: 4, Funny

    I wonder how you operate to remove those?

    --

    Note to M1-ers: a curt but otherwise insightful message is not "Flamebait" or "Troll".

  6. Re:CVS, huh? by Alsee · · Score: 4, Funny

    Do you Closed-Sourced folks trust whatever gets shoved down your throat?

    No, but we swallow it anyway, lol.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  7. Re:CVS, huh? by flynt · · Score: 3, Funny

    That means the attacker would have either had to have nailed the server distributing the copies

    And how are they going to do that? Through a hole in something like CVS??? Couldn't be!

  8. Re:cvs as root? by someonehasmyname · · Score: 2, Funny

    I think he means instead of running ftpd as "ftpd" they'd config it to run as the username "education."

    Then they'd do this with apache, cvs, sendmail, bind, etc.

    Am I wrong in assuming this?

    --
    Common sense is not so common.
  9. Whaddya mean, "imagine"? by devphil · · Score: 2, Funny
    "First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere."

    I became a GCC maintainer for precisely this reason.

    And I'll just say to you, pclminion, that those JPGs in your home directory aren't as, ahem, secure as you'd like to think.

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
  10. Re:Er.... by mentin · · Score: 2, Funny
    I thought this affected Windows also......

    Yeah, and we need to quickly find a way to blame Microsoft for this CVS bug. Any ideas?

    --
    MSDOS: 20+ years without remote hole in the default install