Re: Security incident on Alioth and other Alioth news



On Wed, 06 Sep 2006, Marc Haber wrote:
> On Wed, Sep 06, 2006 at 12:25:54PM +0200, Raphael Hertzog wrote:
> > Alioth's web server was unavailable for most of the 5th of September. It was
> > simply stopped because we discovered that some script kiddies were running an
> > IRC proxy. After thorough investigation, we discovered that they exploited a
> > pmwiki security hole[1] to deface some web pages, to install some malicious PHP
> > pages which in turn were used to set up the IRC proxy.
> 
> Is it possible to rule out privilege escalation?

It's almost impossible to rule out a perfect attack with a yet-unknown
security hole; however, we didn't find any sign that anything else was
compromised. The kernel had been updated after the last gluck compromise,
so it was not vulnerable to the known local root exploits.

Also the password database should be safe since credentials for accessing
the database are only made available by apache to PHP/CGI scripts
installed in /usr/share/gforge/www/ (which is not writable to www-data).

Cheers,
-- 
Raphaël Hertzog

First French book on Debian GNU/Linux:
http://www.ouaza.com/livre/admin-debian/
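
One way to check the claim in this message that /usr/share/gforge/www/ is not writable to www-data, as an added example that is not part of the original post or of Alioth's own tooling. It assumes www-data has uid and gid 33 (Debian's usual values) and evaluates plain mode bits only; `grants_write` and `audit_tree` are hypothetical names.

```python
import os
import stat

WWW_DATA_UID = 33  # assumption: Debian's usual uid/gid for www-data


def grants_write(st, uid, gids):
    """Apply the classic owner/group/other rule to one stat result.

    ACLs, capabilities and root's bypass of mode bits are not modelled.
    """
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_tree(root, uid, gids):
    """Return the sorted paths in root (root included) that uid may modify.

    A writable directory counts even when the files in it are read-only,
    because its write bit allows creating, renaming and deleting entries.
    """
    findings = []
    if grants_write(os.lstat(root), uid, gids):
        findings.append(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # link mode bits are meaningless; audit the target separately
            if grants_write(st, uid, gids):
                findings.append(path)
    return sorted(findings)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/share/gforge/www"
    for path in audit_tree(root, WWW_DATA_UID, {WWW_DATA_UID}):
        print("writable by www-data:", path)
```

An empty result supports the statement for the tree itself; the parent directories of the tree need the same check, since a writable parent allows the whole tree to be renamed and replaced.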


