tomk Bodhisattva
Joined: 23 Sep 2003 Posts: 7221 Location: Sat in front of my computer
|
Posted: Tue Aug 14, 2007 9:31 pm Post subject: [gentoo-announce] packages.gentoo.org and other services dow |
|
|
On August 7, 2007, bannedit reported bug 187971 regarding a possible command injection vulnerability within http://packages.gentoo.org. The Infrastructure team verified the vulnerability and the server was immediately taken down to prevent further exploitation and to allow for forensic analysis.
The server hosted the following sites and services:
- archives.gentoo.org
- packagestest.gentoo.org
- scripts.gentoo.org
- archivestest.gentoo.org
- kiss.gentoo.org
- packages.gentoo.org
- stats.gentoo.org
- survey.gentoo.org
While no ETA is currently available, the affected sites and services will be restored. The affected server will be rebuilt while the packages.gentoo.org service's source undergoes a full security audit prior to being restored. The tree and all other services were unaffected.
If you have any comments or questions please post them to this thread. _________________ Search | Read | Answer | Report | Strip |
|