Slashdot Mirror


Remote Root Exploit in CVS

RenHoek writes "Security expert Stefan Esser from E-matters discovered a bug in CVS version 1.11.4 and lower that can give malignant users remote root access. The exploit was confirmed on BSD, but other OSes like Linux, Solaris and Windows are vulnerable too. A security advisory can be found here and there is also a patch available. CVS version 1.11.5, which is fixed, can be downloaded as well."

2 of 209 comments

  1. Great.... by kingharrison · Score: 0, Troll

    now anyone can get in my backdoor..... (someone had to say it)

  2. Re:cvs as root? by Fizzl · Score: 1, Troll

    Indeed. I'm a Lunix newbie, and I have set up only one CVS server that is public (not NAT:d).
    Yet I was clueful enough to run it in its very own sandbox.

    I can't imagine this exploit is a terrible problem.