bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

<strong>CVS Security Vulnerability</strong>


From: Derek Robert Price
Subject: <strong>CVS Security Vulnerability</strong>
Date: Mon, 24 May 2004 17:08:33 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

For those who don't know, cvshome.org is currently down because it was
hacked, via its CVS server we believe.  cvshome.org was used to send
an email that contains an exploit for the security vulnerabiliy
CAN-2004-0396
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396>
patched in releases 1.11.16 & 1.12.8.

The email with the exploit is here:
<http://www.packetstormsecurity.org/0405-exploits/cvs_linux_freebsd_HEAP.c>.

Our working theory is that cvshome.org was abused to send the email
using a root kit installed prior to the patching of its CVS server for
CAN-2004-0396.

Note that this vulnerability requires a valid login id & password on
the CVS server to exploit, but that even an anonymous & read-only
account is sufficient.  This vulnerability also applies to any CVS
server, post-authentication.  A CVS server accessed via pserver, ssh,
or any other method will be equally vulnerable.

I recommend that any CVS server running a release of CVS earlier than
1.11.16 or 1.12.8 be taken down immediately and patched.

cvshome.org should be back up shortly but it may be some time before
anonymous read-only access is reenabled.  Thanks go out to the folks
at CollabNet for all the time they have been spending on this.

Derek

- --
                *8^)

Email: derek@ximbiot.com

Get CVS support at <http://ximbiot.com>!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAsmRQLD1OTBfyMaQRAoFYAKDs4SpbgMnlWXE31OwLKL4JGrx0VgCgpWxA
z0Ig/Wi09ZBb6PovGxxW/ac=
=7zWD
-----END PGP SIGNATURE-----





reply via email to

[Prev in Thread] Current Thread [Next in Thread]