Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote Root Exploit in CVS

Posted by michael on Tuesday January 21, 2003 @08:20AM from the checking-out dept.

RenHoek writes "Security expert Stefan Esser from E-matters discovered a bug in CVS version 1.11.4 and lower, that can give malignant users remote root access. The exploit was confirmed on BSD, but other OS's like Linux, Solaris and Windows are vulnerable too. A security advisory can be found here and there is also a patch available. CVS version 1.11.5 which is fixed can be downloaded as well."

1 of 209 comments (clear)

Min score:

Reason:

Sort:

CVS bug may have been known for months by BMcWilliams · 2003-01-21 08:27 · Score: 0, Offtopic

According to this post on the Full-Disclosure list, the CVS bug has been known underground for a while. Wonder what they've been doing with it?