Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: More CVS woes - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
More CVS woes
It appears that the trouble at CVShome is worse than originally thought.

The main site http://www.cvshome.org is still down. German online magazine Heise (1) carries a report from Derek Reboer Price of the CVS team. In it, Price explains that the cvshome servers were breached and a root kit installed, prior to the CVS patches being applied. No further details on the initial breach are available at this time.

The CVS-Bugs mailing list archive (2) carries Price's original posting. In it, he theorises that "...cvshome.org was abused to send the email using a root kit installed prior to the patching of its CVS server for CAN-2004-0396." He advises that "any CVS server running a release of CVS earlier than 1.11.16 or 1.12.8 be taken down immediately and patched."

(1) Heise online magazine http://www.heise.de/security/news/meldung/47645

(2) CVS Bugs http://mail.gnu.org/archive/html/bug-cvs/2004-05/msg00380.html
Mark Cooper mark at mhc-online co uk
Handlers

76 Posts

Sign Up for Free or Log In to start participating in the conversation!