Securing Version Control Systems

To protect against these vulnerabilities, consider the following steps:

  • Update CVS to the latest stable release. CVS can be found at http://www.cvshome.org.
  • Run the CVS server in a chroot jail.
  • Configure CVS to use the SSH protocol instead of the pserver protocol (which sends passwords in plaintext).
  • If you don’t allow anonymous access to your CVS server, try filtering port 2401 to allow only trusted hosts to connect to it.
  • Host the CVS server for anonymous read-only access on a stand-alone system.
  • Run the published exploits against your CVS servers.

To protect your Subversion server against those vulnerabilities, consider the following steps:

  1. Update your Subversion software to the latest stable version from http://subversion.tigris.org/.
  2. Configure Subversion to use WebDAV instead of the svn protocol.
  3. If you don’t allow anonymous access to your Subversion server, try filtering TCP port 3690 to allow only trusted hosts.
  4. Run the published exploits against your Subversion server.
  5. Host the Subversion server for anonymous read-only access on a stand-alone system.
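
An added example (not from the original page) that audits for two items in the lists above: CVS checkouts whose CVS/Root still names pserver, and Subversion URLs that use the native svn protocol instead of WebDAV. The function names, the example.org hosts and the `rsh` default for `CVS_RSH` are assumptions made for illustration.

```python
import os
import re
import tempfile

# CVSROOT syntax: ":method[;options]:[user@]host:/path"; a bare "/path" is local.
CVS_METHOD = re.compile(r"^:([A-Za-z]+)[;:]")

def classify(locator, cvs_rsh="rsh"):
    """Map a CVSROOT or Subversion URL to (transport, verdict)."""
    loc = locator.strip()
    if "://" in loc:                                  # Subversion URL
        scheme = loc.split("://", 1)[0].lower()
        if scheme in ("http", "https"):
            return scheme, "ok"                       # WebDAV, as the list advises
        if scheme == "svn":
            return "svn", "flag"                      # native svn protocol, TCP 3690
        return scheme, "review"                       # svn+ssh, file: not covered above
    m = CVS_METHOD.match(loc)
    method = m.group(1).lower() if m else ("local" if loc.startswith("/") else "ext")
    if method == "pserver":
        return "pserver", "flag"                      # plaintext passwords, TCP 2401
    if method == "ext":
        # :ext: runs the program named by CVS_RSH ("rsh" default is an assumption).
        return "ext", "ok" if os.path.basename(cvs_rsh) == "ssh" else "flag"
    return method, "review"

def audit_checkouts(top, cvs_rsh="rsh"):
    """Walk `top`, read every CVS/Root file, return sorted flagged (path, transport)."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(top):
        if os.path.basename(dirpath) == "CVS" and "Root" in filenames:
            with open(os.path.join(dirpath, "Root")) as fh:
                transport, verdict = classify(fh.readline(), cvs_rsh)
            if verdict == "flag":
                hits.append((os.path.relpath(os.path.dirname(dirpath), top), transport))
    return sorted(hits)

def demo():
    """Build two constructed checkouts in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as top:
        samples = {"legacy": ":pserver:anon@cvs.example.org:/cvsroot",   # constructed
                   "modern": ":ext:dev@cvs.example.org:/cvsroot"}        # constructed
        for name, root in samples.items():
            os.makedirs(os.path.join(top, name, "CVS"))
            with open(os.path.join(top, name, "CVS", "Root"), "w") as fh:
                fh.write(root + "\n")
        return audit_checkouts(top, cvs_rsh="ssh")

if __name__ == "__main__":
    print(demo())   # [('legacy', 'pserver')]
```

Pass the `CVS_RSH` value your clients actually export; an `:ext:` root is only as safe as the program that variable names.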
