Tuesday, April 25, 2017
Home / Security / Breaches / wiki.debian.org Breached via Zero-Day

wiki.debian.org Breached via Zero-Day

Debian announced early on January 4th that they found some suspicious IPs in their Apache logs.

“The Debian Security Team recently issued Debian Security Announcement
2593-1 [1] regarding the ‘moin’ package [2] and a remote arbitrary
code execution vulnerability in the twikidraw / anywikidraw
components. Debian’s wiki [3] is implemented using ‘moin’ and includes
support for the twikidraw component.”

A quick review of the apache2 log files for wiki.debian.org disclose that this vulnerability was exploited with success. Now, wiki.debian.org has been moved to a new host utilizing the patched package.  The team is in the process of an audit of the old server to determine the damage. “At this time, we have no evidence to indicate that the intrusion was particularly successful (logs have not been altered; root escalation has not been detected)”

All existing wiki account holders will require to follow the password recovery process in order to regain access to their accounts.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …