phpwebsite-developers

[Phpwebsite-developers] phpWebSite and CVS are down

[Matthew M. <ma...@tu...>]

Greetings,

Steven noticed an strange process on our CVS server this morning. After
Kevin investigated, it was determined we had been compromised.

The culprit was a buffer overflow XSS in diff.php in Chora (version
1.1). Be warned.

While Kevin performs a security scan, phpWebSite will be down for about
an hour. CVS will be down longer while the server is recreated.

Thanks,
Matt

-- 
Matthew McNaney
Internet Systems Architect
Electronic Student Services
Appalachian State University
Phone: 828-262-6493
http://phpwebsite.appstate.edu
http://ess.appstate.edu

Re: [Phpwebsite-developers] phpWebSite and CVS are down

[Don S. <do...@se...>]

On 12:00 Mon 16 Aug     , Matthew McNaney wrote:
> The culprit was a buffer overflow XSS in diff.php in Chora (version
> 1.1). Be warned.

/me once again asserts that viewcvs is the one, true light.

--=20
Don Seiler
do...@se...

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0xFC87F041
Fingerprint: 0B56 50D5 E91E 4D4C 83B7  207C 76AC 5DA2 FC87 F041