Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: More CVS woes - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
More CVS woes
It appears that the trouble at CVShome is worse than originally thought.

The main site is still down. German online magazine Heise (1) carries a report from Derek Reboer Price of the CVS team. In it, Price explains that the cvshome servers were breached and a root kit installed, prior to the CVS patches being applied. No further details on the initial breach are available at this time.

The CVS-Bugs mailing list archive (2) carries Price's original posting. In it, he theorises that " was abused to send the email using a root kit installed prior to the patching of its CVS server for CAN-2004-0396." He advises that "any CVS server running a release of CVS earlier than 1.11.16 or 1.12.8 be taken down immediately and patched."

(1) Heise online magazine

(2) CVS Bugs
Mark Cooper mark at mhc-online co uk

76 Posts
May 27th 2004

Sign Up for Free or Log In to start participating in the conversation!