Re: Security incident on Alioth and other Alioth news

To: debian-project@lists.debian.org
Subject: Re: Security incident on Alioth and other Alioth news
From: Marc Haber <mh+debian-project@zugschlus.de>
Date: Wed, 6 Sep 2006 13:25:08 +0200
Message-id: <[🔎] 20060906112508.GC314@torres.l21.ma.zugschlus.de>
In-reply-to: <20060906102554.GL13426@ouaza.com>
References: <20060906102554.GL13426@ouaza.com>

On Wed, Sep 06, 2006 at 12:25:54PM +0200, Raphael Hertzog wrote:
> Alioth's web server was unavailable for most of the 5th of september. It was
> simply stopped because we discovered that some script kiddies were running an
> IRC proxy. After thorough investigation, we discovered that they exploited a
> pmwiki security hole[1] to deface some web pages, to install some malicious php
> pages which in turn were used to setup the IRC proxy.

Is it possible to rule out privilege escalation?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Reply to:

Follow-Ups:
- Re: Security incident on Alioth and other Alioth news
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Re: New website layout / design contest?
Next by Date: Re: New website layout / design contest?
Previous by thread: Re: Security incident on Alioth and other Alioth news
Next by thread: Re: Security incident on Alioth and other Alioth news
Index(es):
- Date
- Thread