Open-source code maintainer filled with flaws

Thursday, 10 June 2004 09:17 EST

Security researchers have found at least six more flaws in the open-software world's most popular program for maintaining code under development. According to a representative of the project that oversees the program, known as the Concurrent Versions System, the vulnerabilities include a flaw that could let an attacker take control of a CVS server from the Internet, putting the code repository's contents at risk. The flaws were discovered as part of an analysis of the program's code following the announcement last month of a similar set of issues.

The security flaws underscore the advice of CVS Project leaders, who say development teams should not be placing source-code repositories directly on the Internet. Rather, the repositories should be accessible only on private local networks or through VPNs (virtual private networks), said Derek Robert Price, one of three maintainers of the CVS Project and the project's release manager.

Read Full Story

News

Next-Gen Bank Trojans Are Upon Us
Jun 23, 2006, 09:54 EST

Yet Another Government Labtop Stolen
Jun 23, 2006, 09:52 EST

Wi-Fi hacked in 'digital drive-by'
Jun 23, 2006, 09:50 EST

Phishing with Skype
Jun 23, 2006, 06:35 EST

Most Technology Companies Have Data Losses
Jun 23, 2006, 04:51 EST

What cross-site scripting isn’t
Jun 23, 2006, 04:50 EST

Secure Your Data With A Fingerprint
Jun 22, 2006, 13:04 EST

Sponsors:
Prevent data theft & viruses through network connected USB sticks, PDAs & media players. Control user access to endpoint connections with GFI EndPointSecurity - Free trial!	Check your website security with a FREE website security audit by Acunetix. Audit your web applications for SQL injection, cross site scripting & more with Acunetix Web Vulnerability Scanner	Software security section is sponsored by GFI, a leading developer ofnetwork security, content security and messaging software - Free trial!


Copyright © IT-Observer.com 2000 - 2006	Privacy Policy \| RSS Feeds