Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote Root Exploit in CVS

Posted by michael on from the checking-out dept.

RenHoek writes "Security expert Stefan Esser from E-matters discovered a bug in CVS version 1.11.4 and lower, that can give malignant users remote root access. The exploit was confirmed on BSD, but other OS's like Linux, Solaris and Windows are vulnerable too. A security advisory can be found here and there is also a patch available. CVS version 1.11.5 which is fixed can be downloaded as well."

1 of 209 comments (clear)

  1. Chicken and egg problem? by Gentoo+Fan · · Score: 5, Funny

    So if CVS is in CVS, maybe somebody rooted CVS's CVS to apply a patch to backdoor CVS, even with new CVS patches to CVS? ;)