Bugtraq mailing list archives
Re: Sourceforge compromized?
From: "Serguei A. Mokhov" <mokhov () cs concordia ca>
Date: Fri, 2 Feb 2007 11:57:45 -0500 (EST)
On Fri, 2 Feb 2007, Michael Scheidell wrote:
Date: Fri, 2 Feb 2007 06:40:21 -0500 http://yapig.sourceforge.net/demo/photos/photos2291.html (no one under 18 should click on that link above, it may violate state laws doing so) Could someone from sourceforge.net comment? What else is compromised on the server? Can just anyone post anything to any directory or are there specific directories that can be hacked? Is it just yapig.sourceforge.net?
Yes, 'yapig' is one of the many thousands projects on the sf.net. Every project gets a soft quota of 100Mb web space to put whatever they "want". ("Want" in a sense the project memebers may have shell access and can upload arbitrary contents, presumably should be legal contents..., but they users get to control what to put under their project space.)
Either case, I should suggest everyone be careful about what you download from sourceforge till they do a full code audit and post the results here.
If you find offensive or illegal content on sf.net (I did not check the link you provided), I suggest you report it to SourceForge here: http://sourceforge.net/tracker/?func=add&group_id=1&atid=200001 -- Serguei A. Mokhov | /~\ The ASCII Computer Science Department | \ / Ribbon Campaign Concordia University | X Against HTML Montreal, Quebec, Canada | / \ Email!
Current thread:
- strange behavior on Cisco 2801 Marcin (Feb 01)
- Re: strange behavior on Cisco 2801 Neil Anderson (Feb 01)
- Sourceforge compromized? Michael Scheidell (Feb 02)
- Re: Sourceforge compromized? Eliah Kagan (Feb 02)
- Re: Sourceforge compromized? Serguei A. Mokhov (Feb 02)
- Re: Sourceforge compromized? Tim (Feb 02)
- Re: Sourceforge compromized? Karl Schlitt (Feb 02)
- Sourceforge compromized? Michael Scheidell (Feb 02)
- Re: strange behavior on Cisco 2801 Neil Anderson (Feb 01)
- Re: strange behavior on Cisco 2801 Eloy Paris (Feb 02)