
Freedesktop.org returns to the net

The Freedesktop.org site was recently compromised; it is back online, and the admin log explains what happened. "As you may have noticed, freedesktop.org sort of got compromised a few days back. By 'sort of', I do, of course, mean 'totally'. Adam Conrad noticed a few thousand bounces in his inbox courtesy of being on www-data, and that they were all for spams being sent as www-data. Whoops. We started hunting for an insecure formmail.pl, but when we took a look at lsof and discovered an IRC proxy running, we decided it was something more insidious. From there, the machine got killed to all access but ours, and we started tracking down the point of entry. It turned out that it was compromised via a hole in TWiki, but no news was to be found on the TWiki site about this hole, nor was there a new release." (Thanks to Maximilian Attems.)

Freedesktop.org returns to the net

Posted Nov 24, 2004 9:13 UTC (Wed) by Cato (subscriber, #7643) [Link]

The recent vulnerability in TWiki was a serious one, and quite a few sites have unfortunately been compromised, though those who patched their sites in time have not been.

The TWiki developers were notified of the vulnerability on 12th November, and the security alert email went out on the same day, including a patch to fix the hole and referencing the alert page that went up shortly after. You can check the history of that page using the Total Page History on the bottom of the page. I'm not sure when Freedesktop.org checked the TWiki site - it's possible the exploit was in the wild before the TWiki developers were notified, but from 13th November the alert information was there.

The TWiki community is discussing how best to deliver security alerts to administrators (probably via a low-volume security alert list) as part of an improved TWiki security alert process. The main problem with this hole has been notifying administrators in a low-volume way (we already have quite a high volume email list of changes to TWiki.org pages).

Disclosure: As you may have guessed, I'm one of the TWiki developers.

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds