[suse-security-announce] Defacement of several Novell websites

From: Marcus Meissner (meissner@suse.de)
Date: Tue Oct 04 2005 - 14:47:37 CEST

• Next message: Marcus Meissner: "[suse-security-announce] SUSE Security Summary Report SUSE-SR:2005:022"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 4 Oct 2005 14:47:37 +0200
From: Marcus Meissner <meissner@suse.de>
Message-ID: <20051004124737.GC14901@suse.de>
Subject: [suse-security-announce] Defacement of several Novell websites

Hi,

As you probably know, several Novell hosted web sites got defaced by
a vandal on the weekend.

The vandalized hosts wiki.novell.com, opensuse.org, and forge.novell.com
are actually virtual hosts living on one machine, making this one
affected machine.

The intruder gained access to the system by exploiting a known
vulnerability in the "Xoops" blog software installed on another
virtual host on this system (www.novell.com/prblogs/).

This software was not upgraded to the latest security fixed version.

The host affected is fully separate from our RPM and security fix
delivery machines, so the integrity of our distributions and
update repositories was not affected.

Sincerely,
        Marcus Meissner, SUSE Security Team

• application/pgp-signature attachment: stored

• Next message: Marcus Meissner: "[suse-security-announce] SUSE Security Summary Report SUSE-SR:2005:022"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Tue Oct 04 2005 - 14:51:06 CEST