A critical vulnerability has been found in the Concurrent Versions System (CVS), which is used by the vast majority of open-source projects to update and maintain source code, according to an advisory from the Computer Emergency Response Team (CERT) Coordination Center. . . .

A critical vulnerability has been found in the Concurrent Versions System (CVS), which is used by the vast majority of open-source projects to update and maintain source code, according to an advisory from the Computer Emergency Response Team (CERT) Coordination Center.

CVS allows open-source developers to remotely update and modify the source code to projects while ensuring that collaborative efforts don't overlap. By using CVS, changes to source code made by one developer aren't overwritten by another. It also tracks version control and provides the open-source community with a means by which to manage open projects with multiple contributors.

The security hole allows attackers to take control of a CVS server and alarmingly, it may also allow anonymous attackers to fiddle with open-source code at the development level.

The link for this article located at ZDNet is no longer available.