[Rt-announce] SECURITY ALERT: bestpractical.com server compromise
jesse at bestpractical.com
Thu Apr 8 16:36:20 EDT 2004
Best Practical Solutions -- SECURITY ADVISORY
On 7 April 2004, we detected anomolous system activity on
www.bestpractical.com (220.127.116.11), the host that serves as Best
Practical's source code repository (svn.bestpractical.com), mailing
list server (lists.bestpractical.com), distribution server
(download.bestpractical.com) and issue tracking server
(tickets.bestpractical.com). That day, we traced this activity to a local
system compromise and immediately pulled the host from production.
We believe that an attacker used a linux kernel vulnerability to gain root
privileges. An investigation to determine the initial point of compromise
and initial time of the attack is currently under way. We've also begun
an audit to verify the integrity of the currently available version
of RT and our other products as well as the source code repository.
Currently, we have no indication that this attack was targetted at us
or specifically at RT, but we don't want to take chances.
We're currently reviewing and revising our security policies and procedures
to ensure that a similar situation doesn't happen in the future.
Mailing list memberships on lists.bestpractical.com have been moved to
a new server and your mailinglist passwords have been reset. If you
used the same password for our mailinglist server and other servers,
you may want to consider changing that password.
We've set up a special hotline for any customer or member of the community
who needs to contact us about anything related to this issue. Please don't
hesitate to contact us day or night with your concerns at
security at bestpractical.com or +1 617 395 0175.
We apologize for the inconvenience caused by the temporary
non-availability of the RT source code and look forward to restoring
all services as quickly as possible.
Best Practical Solutions, LLC
More information about the Rt-announce