Thursday, January 10, 2013
Information published on the compromise of wiki.python.org
Following the compromise of wiki.debian.org, information has emerged that attackers also penetrated the server hosting wiki.python.org, which was running a vulnerable version of the MoinMoin wiki engine. The wiki.python.org site was compromised on December 28, the day before the release of MoinMoin 1.9.6 with security fixes.
As in the case of the attack on the Debian project's wiki, analysis of the incident showed that the attacker was able to access the system only as the user moin and could not elevate privileges to root. After gaining access, the attacker tried to delete all files belonging to the user moin, and this revealed his presence. Unfortunately, the attacker gained access to the user databases of the Python and Jython project wikis, which contain, among other things, password hashes. As a result, a password change has been initiated for users of wiki.python.org and wiki.jython.org.
In addition, there is information that this vulnerability (CVE-2012-6081) was being exploited in July 2012, almost half a year before information about the security problem became public. Thus, attacks on the infrastructure of well-known projects using MoinMoin 1.9.x cannot be ruled out. In particular, we know that the affected versions were installed on wiki.freebsd.org, freedesktop.org/wiki, wiki.x.org and wiki.ubuntu.com. MoinMoin is also used on the sites live.gnome.org, wiki.winehq.com, wiki.centos.org, gcc.gnu.org/wiki and wiki.apache.org.