Slashdot Mirror


Remote Root Exploit in CVS

RenHoek writes "Security expert Stefan Esser from E-matters discovered a bug in CVS version 1.11.4 and lower that can give malignant users remote root access. The exploit was confirmed on BSD, but other OSes like Linux, Solaris and Windows are vulnerable too. A security advisory can be found here, and there is also a patch available. CVS version 1.11.5, which is fixed, can be downloaded as well."

5 of 209 comments

  1. Chicken and egg problem? by Gentoo+Fan · Score: 5, Funny

    So if CVS is in CVS, maybe somebody rooted CVS's CVS to apply a patch to backdoor CVS, even with new CVS patches to CVS? ;)

  2. the great circle of software.life by poindextrose · Score: 4, Funny

    ah yes, another representation of software's circle of life.

    exploit, patch, exploit, patch, exploit, patch.

    insert elton john music here

    --
    Karma: Raspberry Kiwi
  3. It's true by mao+che+minh · Score: 4, Funny

    Yea, I used CVS to update my mplayer so I could watch some newer Windows Media files sent to me by some nice young woman at "Brintey_XXX_Hot_NAKED_ J-LO_CAUGHT_ACTION@hotmail.com". Shortly thereafter, I came back from the bathroom to discover that my desktop image was replaced by a big penis with the KDE gears for testicles, and I couldn't start any programs.

  4. Malignant users? by Dthoma · Score: 4, Funny

    I wonder how you operate to remove those?

    --

    Note to M1-ers: a curt but otherwise insightful message is not "Flamebait" or "Troll".

  5. Re:CVS, huh? by Alsee · Score: 4, Funny

    Do you Closed-Sourced folks trust whatever gets shoved down your throat?

    No, but we swallow it anyway, lol.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.