The Inquirer

Security holes splatter Open Source

Blackburn Lancashire effect
Fri Jun 11 2004, 08:10
A KEY OPEN source tool used by developers to track and manage changes in computer code has six security glitches and counting.

Concurrent Versions System (CVS) is used to manage code on a number of top open source software development projects.

Discovered by German security firm E-matters, the six holes could enable remote attackers to launch denial of service attacks or run malicious code on systems hosting vulnerable versions of CVS.

Another hole had already been used by hackers to attack the CVS project Web site, and it was during a search of the code after that attack that the other six vulnerabilities were found.

Some of the new vulnerabilities require a valid CVS login, while others can be exploited remotely.

One CVS function called "double-free()" was used to exploit a number of systems running Linux.

The holes have been patched, but it does shake the complacency of Linux users. Some think they are almost invulnerable to the sorts of attacks suffered by Windows users. µ

