[Clipart] fd.o compromised because of our incoming!
Jon Phillips
jon at rejon.org
Tue Oct 18 14:26:53 PDT 2005
clipart.freedesktop.org-access.log:80.99.252.106 - -
[17/Oct/2005:15:47:44 -0700] "GET /incoming/winnie_the_pooh.svg.php?x=cd
%20/tmp/cvsu;./pwned;id HTTP/1.1" 200 72118 "-" "Mozilla/5.0 (X11; U;
FreeBSD i386; en-US; rv:1.7.12) Gecko/20050924 Firefox/1.0.7"
We need to fix our process so that we don't compromise Gabe (fd.o's
server). Looks like someone uploaded a file and then executed it from the
web.
Looks like a malicious svg/php file. What we feared.
Suggestions on how to fix and a fix would be great. I'm still getting
slammed from creativecommons.org and sfai.edu.
Until this gets fixed fd.o admins are leaving OCAL offline...ugh!
Jon
--
Jon Phillips
San Francisco, CA
USA PH 510.499.0894
jon at rejon.org
http://www.rejon.org
MSN, AIM, Yahoo Chat: kidproto
Jabber Chat: rejon at gristle.org
IRC: rejon at irc.freenode.net
Inkscape (http://inkscape.org)
Open Clip Art Library (www.openclipart.org)
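Added example, not part of the original message or the project's code: a log check for the pattern in the access-log entry above, that is, requests under /incoming/ whose file name carries a script extension. SCRIPT_EXTS and the constructed sample lines are assumptions; checking every dot-separated part of the name, not only the last, goes beyond the single case in the message, because Apache's mod_mime can act on any extension in a multi-extension file name.

```python
import re
from urllib.parse import urlsplit, unquote

UPLOAD_PREFIX = "/incoming/"  # upload directory seen in the log line above
# Assumed list of extensions the web server may hand to an interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "cgi", "pl", "py"}
# Apache combined log format; the optional "file:" prefix is what grep adds.
LINE_RE = re.compile(
    r'^(?:[^:\s]+:)?(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*?) HTTP/[\d.]+" (?P<status>\d{3}) ')

# First entry is the line from the message (re-joined, user agent shortened);
# the other three are constructed for this example.
SAMPLE_LOG = [
    'clipart.freedesktop.org-access.log:80.99.252.106 - - '
    '[17/Oct/2005:15:47:44 -0700] "GET /incoming/winnie_the_pooh.svg.php'
    '?x=cd%20/tmp/cvsu;./pwned;id HTTP/1.1" 200 72118 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [17/Oct/2005:15:40:01 -0700] '
    '"GET /incoming/flower.svg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [17/Oct/2005:15:41:12 -0700] '
    '"GET /index.php?page=2 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [17/Oct/2005:15:50:30 -0700] '
    '"GET /incoming/tree.php.svg HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
]

def script_exts_in_name(path):
    """Return script extensions found in any dot-separated part of the name."""
    name = unquote(path).rsplit("/", 1)[-1].lower()
    return [part for part in name.split(".")[1:] if part in SCRIPT_EXTS]

def suspicious_requests(lines):
    """Flag requests into the upload directory that name a script file."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we can parse
        url = urlsplit(m["target"])
        if not unquote(url.path).startswith(UPLOAD_PREFIX):
            continue
        exts = script_exts_in_name(url.path)
        if exts:
            hits.append({"ip": m["ip"], "time": m["ts"], "path": url.path,
                         "status": int(m["status"]), "exts": exts,
                         "has_query": bool(url.query)})
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged path is the case to look at first, since it means the server answered the request for that file; the same name test can be applied to file names at upload time.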