Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote Root Exploit in CVS

Posted by michael on Tuesday January 21, 2003 @08:20AM from the checking-out dept.

RenHoek writes "Security expert Stefan Esser from E-matters discovered a bug in CVS version 1.11.4 and lower, that can give malignant users remote root access. The exploit was confirmed on BSD, but other OS's like Linux, Solaris and Windows are vulnerable too. A security advisory can be found here and there is also a patch available. CVS version 1.11.5 which is fixed can be downloaded as well."

4 of 209 comments (clear)

Min score:

Reason:

Sort:

Jesus Saves by Anonymous Coward · 2003-01-21 08:23 · Score: -1, Offtopic

Jesus Saves you. Ask him into your heart today, and get a purpose for your life!
The Man comes around by Anonymous Coward · 2003-01-21 08:24 · Score: -1, Offtopic

There's a man going 'round taking names
And he decides who to free and who to blame
Everybody won't be treated all the same,
There will be a golden letter reaching down
When the Man comes around
CVS bug may have been known for months by BMcWilliams · 2003-01-21 08:27 · Score: 0, Offtopic

According to this post on the Full-Disclosure list, the CVS bug has been known underground for a while. Wonder what they've been doing with it?
Re:Great.... by Anonymous Coward · 2003-01-21 08:27 · Score: -1, Offtopic

now anyone can get in my backdoor.....

Like this?

Wookie Love!