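PHP official website (http://www.php.net/)
March 25: According to a news post on the official PHP website, its wiki accounts were stolen as the result of a vulnerability in wiki.php.net. Because wiki accounts are tied to SVN commit permissions for the PHP source code, the PHP code has been contaminated as a result.
It is understood that the code of PHP 5.3.6 and later versions has been contaminated. For now, uncontaminated code can only be guaranteed up to PHP 5.3.5, so users downloading PHP code should be cautious.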
Original text: The wiki.php.net box was compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn accounts. We are still investigating the details of the attack which combined a vulnerability in the Wiki software with a Linux root exploit.
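The gist is:
Because wiki accounts were stolen, the PHP source code may well have been contaminated. The PHP team has, of course, made every effort to ensure that the code since PHP 5.3.5 has not been contaminated, and is forcing a password change for existing SVN accounts.
As for the current state of the incident, they have still not been able to pin down where the vulnerability lies, because they are still investigating.
One obvious problem is that the code of PHP 5.3.6 and later versions has been contaminated. For now, uncontaminated code can only be guaranteed up to PHP 5.3.5, so anyone downloading PHP code should be careful.
Access to windows.php.net and wiki.php.net has also been suspended.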