Open Source and information security mailing list archives
 
Date: Fri, 2 Feb 2007 11:57:45 -0500 (EST)
From: "Serguei A. Mokhov" <mokhov@...concordia.ca>
To: Michael Scheidell <scheidell@...nap.net>
Cc: bugtraq@...urityfocus.com, security@...rceforge.net
Subject: Re: Sourceforge compromized?

On Fri, 2 Feb 2007, Michael Scheidell wrote:

> Date: Fri, 2 Feb 2007 06:40:21 -0500
>
> http://yapig.sourceforge.net/demo/photos/photos2291.html
>
> (no one under 18 should click on that link above, it may violate state
> laws doing so)
>
> Could someone from sourceforge.net comment? What else is compromised on
> the server?
>
> Can just anyone post anything to any directory or are there specific
> directories that can be hacked?
>
> Is it just yapig.sourceforge.net?

Yes, 'yapig' is one of the many thousands of projects on sf.net. Every
project gets a soft quota of 100Mb web space to put whatever they "want".
("Want" in the sense that the project members may have shell access and can
upload arbitrary contents, presumably should be legal contents..., but
the users get to control what to put under their project space.)


> Either case, I should suggest everyone be careful about what you
> download from sourceforge till they do a full code audit and post the
> results here.

If you find offensive or illegal content on sf.net (I did not check the
link you provided), I suggest you report it to SourceForge here:

  http://sourceforge.net/tracker/?func=add&group_id=1&atid=200001

-- 
Serguei A. Mokhov            |  /~\    The ASCII
Computer Science Department  |  \ / Ribbon Campaign
Concordia University         |   X    Against HTML
Montreal, Quebec, Canada     |  / \      Email!
