Slashdot: Remote Root Exploit -- Please Explain
It sounds like there's a fairly substantial exploit that could effect all the platforms: <a href="http://developers.slashdot.org/developers/03/01/21/1752251.shtml?tid=128"; target="_blank">Slashdot: Remote Root Exploit in CVS</a>
I'm having a great deal of difficulty understanding what this issue is all about. The discussion is too technical for me to properly comprehend. Could someone possibly distill the story into something meaningful to the non-programmer?
[ 01-22-2003: Message edited by: Big Mac ]</p>
I'm having a great deal of difficulty understanding what this issue is all about. The discussion is too technical for me to properly comprehend. Could someone possibly distill the story into something meaningful to the non-programmer?
[ 01-22-2003: Message edited by: Big Mac ]</p>
Comments
Unless you installed it with the developer tools, you Mac OS X box is not affected as it does not have it installed.
Basically, and I'm no programmer, but this is what it sounds like. There is a problem in handling directory requests in the server code... which apparently means that by sending malicious commands to a CVS box, you can get it to leak information back to you that could execute code, or other various geeky things.
But apparently, according to the article, it depends on how you have the CVS server configure. By default, the server is started with root privs... and if you leave the CVSROOT/passwd writeable to a CVS user.... then your box can be 'rooted' remotely by somebody taking advantage of this directory request bug and sending malicious commands.
[quote]Summarized this means that this vulnerability is a threat to most open source projects because nearly all of them offer anonymous CVS access to the source tree. Even if the attacker is not able to extend his attack on the developer CVS server (if it is seperated at all) he could still backdoor everything other people download from the anonymous server. <hr></blockquote>