|
From: | David Grant |
Subject: | Re: [Gnumed-devel] hherb.com reborn |
Date: | Tue, 30 Nov 2004 00:29:50 -0800 |
User-agent: | Mozilla Thunderbird 0.9 (X11/20041122) |
Sebastian Hilbert wrote:
It's all the same exploit I believe. But as far as I knew, as long as apache was being run with proper permissions, then it is harmless. I noticed it around the same time that hherb.com was hacked, on the gentoo.org site as a security announcement. Apparently it may have been fixed in a twiki version as early as September 2, 2004, if I am correct...because it doesn't require a patch, but all previous versions do. Also, the fact that hey issued a new release the day after September 1st, means it must have gotten noticed just after release or something. But somehow it didn't get picked up by the security alert channel until much later: http://www.gentoo.org/security/en/glsa/glsa-200411-33.xml I guess it was seen as a minor security threat until recently.On Monday 29 November 2004 08:27, David Grant wrote:Today www.heise.de ran an article on CCC (chaos computer club) having been hacked via twiki by some spanisch hackers. CCC has a reputation for being pretty smart guys.https://www.ccc.de/updates/2004/camp-server-hack?language=en This hack was possible because of an unknown twiki exploit.
David -- David J. Grant http://www.davidgrant.ca:81
david.grant.vcf
Description: Vcard
[Prev in Thread] | Current Thread | [Next in Thread] |