|
|
From: Slackware Linux Project <press@slackware.com>
To: slackware-announce@slackware.com
Subject: [slackware-announce] www.slackware.com compromised
Date: Tue, 2 Jan 2001 23:18:15 -0800 (PST) |
|
www.slackware.com compromised
On December 25, 2000, the machine that runs the www.slackware.com web site
was compromised by an unknown cracker. The compromised machine was
quickly noticed and all services were shutdown. We have audited the machine
and restored from backup files.
After auditing the machine, we discovered a year old version of imapd on
the machine. It was also determined that the version of imapd on the
system had some known holes that were both fixed by the maintainers of
imapd (the one that ships with Pine) and was fixed in Slackware. An
explanation of the imapd problem can be found on the Security Focus web
site:
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D55450
This is when we updated the imapd package:
http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2000&m=slackware-security.261387
We neglected to check this machine and upgrade the package on it, and
apologize for the resulting downtime. Now back to our regularly scheduled
programming.
--
The Slackware Linux Project
http://www.slackware.com/
|
| |