If memory serves me right the CVS bug was originally discovered and exploited by a member of an infamous file sharing site. After descriptions(?) of that bug were leaked in underground circles, an east European hacker wrote up his own exploit for it. This second exploit was eventually traded for hatorihanzo.c, a kernel exploit, which was also a 0-day at the time.

The recipient of the hatorihanzo.c then tried to backdoor the kernel after first owning the CVS server and subsequently getting root on it.

The hatorihanzo exploit was left on the kernel.org server, but encrypted with an (at the time) popular ELF encrypting tool. Ironically the author of that same tool was on the forensic team and managed to crack the password, which turned out to be a really lame throwaway password.

And that's the story of how two fine 0-days were killed in the blink of an eye.

(The other funny kernel.org story is when a Google security researcher found his own name in the master boot record of a misbehaving server.)

>(The other funny kernel.org story is when a Google security researcher found his own name in the master boot record of a misbehaving server.)

Do you have a link to this story? I tried googling but couldn't find it

No.

Why is that people with brains write l33t like kids and have such dirty names and ascii drawings?