Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 20 Dec 2014, 11:56
All times are UTC - 4
 Forum index » Off-Topic Area » Security
apache.org incident report for 04/09/2010
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [1 Post]  
Author Message
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11180
Location: Arizona USA

PostPosted: Sun 16 May 2010, 00:20    Post subject:  apache.org incident report for 04/09/2010
Subject description: If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, your password is compromised
 

https://blogs.apache.org/infra/entry/apache_org_04_09_2010

Quote:
... On April 5th, the attackers via a compromised Slicehost server opened a new issue, INFRA-2591. This issue contained the following text:
Quote:
ive got this error while browsing some projects in jira http://tinyurl.com/XXXXXXXXX [obscured]

Tinyurl is a URL redirection and shortening tool. This specific URL redirected back to the Apache instance of JIRA, at a special URL containing a cross site scripting (XSS) attack. The attack was crafted to steal the session cookie from the user logged-in to JIRA. When this issue was opened against the Infrastructure team, several of our administators clicked on the link. This compromised their sessions, including their JIRA administrator rights. ...

If I understand the rest of it correctly, the administrators didn't have to be logged in as root for this attack to succeed. Sudo was used by the attackers to gain root access.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [1 Post]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0432s ][ Queries: 11 (0.0064s) ][ GZIP on ]