[cvsnt] hacked

Andreas Tscharner andreas.tscharner at metromec.ch
Tue Sep 26 07:04:04 BST 2006


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


Javier Godinez wrote:
> We recently had a break in on our CVS Server.

What CVS version? CVS or CVSNT? Was it the CVS(NT) Server program that 
was compromised or the machine, CVS(NT) runs on?
> Does anyone have any ideas on what options there are to perform a
> source code audit?

Which source? CVS(NT) source? The source you managed with CVS(NT)?
> I am looking for tools/services/any ideas on how to attack this problem.
> If anyone has any guidance, it will be truly appreciated.

http://mixter.void.ru/vulns.html
is one page.

(I suggest you want to audit your own source code)
I think you should have some backups of your CVS(NT) repository; in this 
case a simple compare with the "last known good"(tm) version could be a 
solution...

Best regards
	Andreas
-- 
Andreas Tscharner                          andreas.tscharner at metromec.ch
------------------------------------------------------------------------
And the beast shall come forth surrounded by a roiling cloud of
vengeance. The house of the unbelievers shall be razed and they shall be
scorched to the earth. Their tags shall blink until the end of days.
                                             -- The Book of Mozilla 12:10


More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook