[e-privacy] Official Debian and Python Wiki Servers Compromised
simone at winstonsmith.info
Thu 10 Jan 2013 13:52:39 CET
Hi,
I hope this is of interest to someone:
Administrators of the official Debian and Python project websites
confirmed that their wiki servers were recently compromised by unknown
hackers. The hackers were able to break in because of several
vulnerabilities in the "moin" package.
According to Brian Curtin of the Python project, the hacker used an unknown
remote code exploit on the Python wiki server (http://wiki.python.org/) and
was able to get shell access. The shell was restricted to the "moin" user's
permissions, and no other services were affected. The attacker deleted
all files owned by the "moin" user, including all instance data for both
the Python and Jython wikis.
The Python Software Foundation encourages all wiki users to change their
password on other sites if the same one is in use elsewhere. For now the
Python wiki is down and the team is investigating the breach further.
In the Debian wiki (http://wiki.debian.org/) security breach, the attacker
used some known vulnerabilities: directory traversal (CVE-2012-6080,
CVE-2012-6495), multiple unrestricted file upload vulnerabilities
(CVE-2012-6081) and a cross-site scripting (XSS) vulnerability (CVE-2012-6082).
Luca from Debian also mentioned, "We have reset all password hashes and
sent individual notification to all Debian wiki account holders with
instructions on how to recover their passwords".
In the case of Debian, the hacker compromised only the 'wiki' user and
captured the email addresses and corresponding password hashes of all wiki
editors. "The attacker(s) were particularly interested in the password
hashes belonging to users of Debian, Intel, Dell, Google, Microsoft,
GNU, any .gov and any .edu."
Both servers were compromised in December 2012, but it is not yet clear
whether the same hacker carried out both hacks or not.
https://mail.python.org/pipermail/python-dev/2013-January/123499.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6082
http://lwn.net/Articles/531726/