Full Disclosure mailing list archives
Re: sourceforge entry point seems still active.
From: wac <waldoalvarez00 () gmail com>
Date: Sun, 30 Jan 2011 11:43:13 -0500
So it actually happened! Not surprising at all. I suspected at first sight about a phish attempt because the email in another domain they sent for contact in case of problems with password reset (didn't bothered about headers anyway). Seems mine was not compromised according to what they say "Our analysis uncovered (among other things) a hacked SSH daemon, which was modified to do password capture." If i were them I would reinstall from scratch at least all SSH servers. They all could be compromised! On 1/30/11, exploit dev <extraexploit () gmail com> wrote:
Sourceforge has reported a full report of attack. Seems very close to what I wrote in previous messages and reported in my blog posts related to this thread. Sourceforge Attack: Full Report http://sourceforge.net/blog/sourceforge-attack-full-report/ On Tue, Jan 25, 2011 at 9:18 PM, exploit dev <extraexploit () gmail com> wrote:Hi Andrew, just a reminder: this breach was used by php/python/perl script for get and save on user directory bot and remote shell. Also you could, as reported also in owned and exposed zine, launch commands and attempt privilege escalation. So I'm not so sure that this is not so writable as well i think is not right sayd that is not critical. Regards-. On Tue, Jan 25, 2011 at 8:47 PM, Andrew Farmer <andfarm () gmail com> wrote:On 2011-01-24, at 12:08, exploit dev wrote:Anyway, I'm sorry repeat my message. I think that this issue is a bit critical but I don't receive still any feedback,It's not particularly critical by any means. SourceForge projects all have their own web space, and there are doubtless a bunch of them running vulnerable versions of software. These sites are relatively isolated, and don't have write access to the project's SCM or downloads.-- http://extraexploit.blogspot.com-- http://extraexploit.blogspot.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- sourceforge entry point seems still active. exploit dev (Jan 22)
- Re: sourceforge entry point seems still active. exploit dev (Jan 25)
- Re: sourceforge entry point seems still active. Jeffrey Walton (Jan 25)
- Re: sourceforge entry point seems still active. exploit dev (Jan 25)
- Re: sourceforge entry point seems still active. Andrew Farmer (Jan 25)
- Re: sourceforge entry point seems still active. exploit dev (Jan 25)
- Re: sourceforge entry point seems still active. exploit dev (Jan 28)
- Re: sourceforge entry point seems still active. Sal Rinder (Jan 31)
- Re: sourceforge entry point seems still active. exploit dev (Jan 30)
- Re: sourceforge entry point seems still active. wac (Jan 30)
- Re: sourceforge entry point seems still active. Jeffrey Walton (Jan 25)
- Re: sourceforge entry point seems still active. exploit dev (Jan 25)