It appears that the trouble at CVShome is worse than originally thought.
The main site http://www.cvshome.org is still down. German online magazine Heise (1) carries a report from Derek Reboer Price of the CVS team. In it, Price explains that the cvshome servers were breached and a root kit installed, prior to the CVS patches being applied. No further details on the initial breach are available at this time. The CVS-Bugs mailing list archive (2) carries Price's original posting. In it, he theorises that "...cvshome.org was abused to send the email using a root kit installed prior to the patching of its CVS server for CAN-2004-0396." He advises that "any CVS server running a release of CVS earlier than 1.11.16 or 1.12.8 be taken down immediately and patched." (1) Heise online magazine http://www.heise.de/security/news/meldung/47645 (2) CVS Bugs http://mail.gnu.org/archive/html/bug-cvs/2004-05/msg00380.html Mark Cooper mark at mhc-online co uk |
Handlers 76 Posts May 27th 2004 |
Thread locked Subscribe |
May 27th 2004 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!