[WEB SECURITY] Details on Novell hack

["Charlie Miller" <charlesamiller@xxxxxxxxxxx>]

In case you missed it, some technical details have come out about the Novell 
site that was hacked.
Charlie

From:
http://lists.suse.com/archive/suse-security-announce/2005-Oct/0001.html

Content:
Date: Tue, 4 Oct 2005 14:47:37 +0200
From: Marcus Meissner <meissner@xxxxxxx>
Message-ID: <20051004124737.GC14901@xxxxxxx>
Subject: [suse-security-announce] Defacement of several Novell websites



Hi,

As you probably know, several Novell hosted web sites got defaced by
a vandal on the weekend.

The vandalized hosts wiki.novell.com, opensuse.org, and forge.novell.com
are actually virtual hosts living on one machine, making this one
affected machine.

The intruder gained access to the system by exploiting a known
vulnerability in the "Xoops" blog software installed on another
virtual host on this system (www.novell.com/prblogs/).

This software was not upgraded to the latest security fixed version.

The host affected is fully separate from our RPM and security fix
delivery machines, so the integrity of our distributions and
update repositories was not affected.

Sincerely,
       Marcus Meissner, SUSE Security Team

_________________________________________________________________
Don?t just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/