Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote Root Exploit in CVS

Posted by michael on Tuesday January 21, 2003 @08:20AM from the checking-out dept.

RenHoek writes "Security expert Stefan Esser from E-matters discovered a bug in CVS version 1.11.4 and lower, that can give malignant users remote root access. The exploit was confirmed on BSD, but other OS's like Linux, Solaris and Windows are vulnerable too. A security advisory can be found here and there is also a patch available. CVS version 1.11.5 which is fixed can be downloaded as well."

1 of 209 comments (clear)

Min score:

Reason:

Sort:

Re:Chicken and egg problem? by Anonymous Coward · 2003-01-21 09:55 · Score: -1, Redundant

I propose that from here on out, any reference to this paper be summarily modded down as "Redundant". Yes, yes, we know. Now shut up!