Slashdot Mirror


Remote Root Exploit in CVS

RenHoek writes "Security expert Stefan Esser from E-matters discovered a bug in CVS version 1.11.4 and lower that can give malignant users remote root access. The exploit was confirmed on BSD, but other OSes like Linux, Solaris and Windows are vulnerable too. A security advisory can be found here and there is also a patch available. CVS version 1.11.5, which is fixed, can be downloaded as well."

3 of 209 comments

  1. Chicken and egg problem? by Gentoo+Fan · Score: 5, Funny

    So if CVS is in CVS, maybe somebody rooted CVS's CVS to apply a patch to backdoor CVS, even with new CVS patches to CVS? ;)

  2. Re:cvs as root? by mustangdavis · Score: 5, Interesting

    If I can get onto a Linux or BSD box as ANY USER, I can get root (well, 90% of the time, I can).

    Remember, many sys admins don't patch local software packages that have buffer overflows or other wonder exploits that can get you root, so just about ANY remote exploit that you can get shell access with can be viewed as a root exploit. This is especially true with University servers and other places that install all software packages that come with their Linux distribution in the name of "research" or "education".

    Just my $0.02 cents ...


  3. Re:cvs as root? by jhealy1024 · Score: 5, Informative

    What fool runs their cvs pserver as root?

    Ummm... People using Debian?

    On a stock Woody box:

    grep cvs /etc/inetd.conf
    cvspserver stream tcp nowait.400 root /usr/sbin/tcpd /usr/sbin/cvs-pserver
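
The grep in the comment above checks one service. As an added example (not part of the thread), this shell function generalizes it: it parses inetd.conf-style lines and lists every enabled service whose user field is root, reporting the real daemon when it is started through tcpd. The function names and the sample file are constructed for illustration; only the cvspserver line comes from the comment.

```shell
#!/bin/sh
# Added example: list inetd services that run as root.
# inetd.conf fields:
#   service socktype proto wait[.max] user[.group] server-program args...

audit_inetd() {
    # Reads the files named as arguments, or stdin when none are given.
    # Prints "service<TAB>program" for every enabled root-run entry.
    awk '
        /^[ \t]*#/ || NF < 6 { next }     # comments, blanks, malformed lines
        {
            user = $5
            sub(/[.:].*$/, "", user)      # drop optional .group or :group
            if (user != "root") next
            prog = $6
            # Behind TCP wrappers the real daemon is the first tcpd argument.
            if ((prog ~ /\/tcpd$/ || prog == "tcpd") && NF >= 7) prog = $7
            print $1 "\t" prog
        }
    ' "$@"
}

sample_inetd_conf() {
    # Constructed sample input. The cvspserver line is the one quoted in
    # the comment above; the other lines are made up for this example.
    cat <<'EOF'
# constructed sample inetd.conf
cvspserver stream tcp nowait.400 root /usr/sbin/tcpd /usr/sbin/cvs-pserver
ident stream tcp wait identd /usr/sbin/identd identd
#<off># time stream tcp nowait root internal
ftp stream tcp nowait root.wheel /usr/sbin/ftpd ftpd -l
EOF
}

sample_inetd_conf | audit_inetd
```

On a real host, run `audit_inetd /etc/inetd.conf` and review each listed service to see whether it can run as an unprivileged user instead.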