
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-05-27



More CVS woes

Published: 2004-05-27
Last Updated: 2004-05-27 22:57:34 UTC
by Handlers (Version: 1)
It appears that the trouble at CVShome is worse than originally thought.

The main site http://www.cvshome.org is still down. German online magazine Heise (1) carries a report from Derek Reboer Price of the CVS team. In it, Price explains that the cvshome servers were breached and a root kit was installed before the CVS patches were applied. No further details on the initial breach are available at this time.

The CVS-Bugs mailing list archive (2) carries Price's original posting. In it, he theorises that "...cvshome.org was abused to send the email using a root kit installed prior to the patching of its CVS server for CAN-2004-0396." He advises that "any CVS server running a release of CVS earlier than 1.11.16 or 1.12.8 be taken down immediately and patched."
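
The release cut-offs in Price's advice can be checked mechanically. The following is an added shell example, not code from the diary or the CVS project; it assumes the usual `cvs --version` banner layout and reads "earlier than 1.11.16 or 1.12.8" per release line (both function names and the sample banners are constructed for illustration).

```shell
#!/bin/sh
# Added example: compare a CVS release against the fixed releases named in
# the diary (1.11.16 on the 1.11.x line, 1.12.8 on the 1.12.x line).
# Assumption: the cut-off is applied per release line, so 1.11.16 counts as
# patched even though it sorts below 1.12.8.

# Read a `cvs --version` banner on stdin and print the release string.
cvs_version_from_banner() {
    sed -n 's/.*(CVS) \([0-9][^ ]*\).*/\1/p' | head -n 1
}

# cvs_release_status VERSION -> prints "ok", "needs-patch" or "unknown"
cvs_release_status() {
    # Keep the leading dotted-numeric part only, e.g. "1.11.1p1" -> "1.11.1"
    v=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p')
    if [ -z "$v" ]; then echo unknown; return; fi

    old_ifs=$IFS; IFS=.
    set -- $v                      # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    if [ "$major" -gt 1 ]; then echo ok; return; fi
    if [ "$major" -lt 1 ] || [ "$minor" -lt 11 ]; then
        echo needs-patch; return   # older than the 1.11 line
    fi
    case $minor in
        11) floor=16 ;;            # stable line fixed in 1.11.16
        12) floor=8 ;;             # feature line fixed in 1.12.8
        *)  echo ok; return ;;     # 1.13 and later release lines
    esac
    if [ "$patch" -ge "$floor" ]; then echo ok; else echo needs-patch; fi
}

# Constructed sample banners (not captured from any real host).
for banner in \
    'Concurrent Versions System (CVS) 1.11.15 (client/server)' \
    'Concurrent Versions System (CVS) 1.12.8 (client/server)'
do
    ver=$(printf '%s\n' "$banner" | cvs_version_from_banner)
    printf '%s -> %s\n' "$ver" "$(cvs_release_status "$ver")"
done
```

On a host with CVS installed, `cvs --version | cvs_version_from_banner` supplies the release string to check.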

(1) Heise online magazine http://www.heise.de/security/news/meldung/47645

(2) CVS Bugs http://mail.gnu.org/archive/html/bug-cvs/2004-05/msg00380.html
Mark Cooper mark at mhc-online co uk