Mailing List Info
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists
  Archives

About

 
From: Slackware Linux Project <press@slackware.com>
To: slackware-announce@slackware.com
Subject: [slackware-announce] www.slackware.com compromised
Date: Tue, 2 Jan 2001 23:18:15 -0800 (PST)
www.slackware.com compromised

On December 25, 2000, the machine that runs the www.slackware.com web site
was compromised by an unknown cracker.  The compromised machine was
quickly noticed and all services were shutdown.  We have audited the machine
and restored from backup files.

After auditing the machine, we discovered a year old version of imapd on
the machine.  It was also determined that the version of imapd on the
system had some known holes that were both fixed by the maintainers of
imapd (the one that ships with Pine) and was fixed in Slackware.  An
explanation of the imapd problem can be found on the Security Focus web
site:

   http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D55450

This is when we updated the imapd package:

   http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2000&m=slackware-security.261387

We neglected to check this machine and upgrade the package on it, and
apologize for the resulting downtime.  Now back to our regularly scheduled
programming.

--
The Slackware Linux Project
http://www.slackware.com/



Slackware™ is a trademark of Patrick Volkerding.