apache.org incident report for 04/09/2010
Flash
Posted: Sun 16 May 2010, 00:20
Subject: apache.org incident report for 04/09/2010
Subtitle: If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, your password is compromised
 

https://blogs.apache.org/infra/entry/apache_org_04_09_2010

Quote:
... On April 5th, the attackers via a compromised Slicehost server opened a new issue, INFRA-2591. This issue contained the following text:
Quote:
ive got this error while browsing some projects in jira http://tinyurl.com/XXXXXXXXX [obscured]

Tinyurl is a URL redirection and shortening tool. This specific URL redirected back to the Apache instance of JIRA, at a special URL containing a cross site scripting (XSS) attack. The attack was crafted to steal the session cookie from the user logged-in to JIRA. When this issue was opened against the Infrastructure team, several of our administrators clicked on the link. This compromised their sessions, including their JIRA administrator rights. ...

If I understand the rest of it correctly, the administrators didn't have to be logged in as root for this attack to succeed. Sudo was used by the attackers to gain root access.
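An added example, not part of the original post or of Apache's report: a triage check for the pattern the quoted report describes, a shortened link in an issue body that redirects back to your own tracker with markup in a query parameter. The host name, the redirect table and the sample issue text are constructed assumptions; a real deployment would resolve short links from an isolated client that holds no session cookies.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

OWN_HOST = "issues.example.org"   # assumption: hostname of your own tracker
SHORTENERS = {"tinyurl.com"}      # extend with the shorteners you see in tickets

# Constructed redirect table standing in for offline, cookie-less resolution.
RESOLVED = {
    "http://tinyurl.com/constructed1":
        "https://issues.example.org/view?msg=%3Cscript%3Econstructed%3C%2Fscript%3E",
    "http://tinyurl.com/constructed2":
        "https://issues.example.org/browse/PROJ-1?focus=comments",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Characters and tokens that have no business in a link an admin is asked to click.
MARKUP_RE = re.compile(r"[<>]|javascript:|\bon\w+\s*=", re.IGNORECASE)

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(url):
    """Names of query parameters whose decoded value contains markup."""
    query = urlsplit(url).query
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if MARKUP_RE.search(fully_unquote(value))]

def review_issue_text(text, resolved=RESOLVED):
    """Return (short_url, reason, params) for each short link worth a second look."""
    findings = []
    for url in URL_RE.findall(text):
        if (urlsplit(url).hostname or "").lower() not in SHORTENERS:
            continue
        final = resolved.get(url)
        if final is None:
            findings.append((url, "unresolved short link", []))
            continue
        params = suspicious_params(final)
        if (urlsplit(final).hostname or "").lower() == OWN_HOST and params:
            findings.append((url, "redirects to own host with markup in query", params))
    return findings

SAMPLE_ISSUE = ("ive got this error http://tinyurl.com/constructed1 and also "
                "http://tinyurl.com/constructed2 plus http://tinyurl.com/constructed3")
```

Flagged links are for triage only; the session cookie should still carry the HttpOnly attribute so that script injected into a page cannot read it.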