Name: Anonymous 2010-09-05 17:34
Original release date: 09/05/2010
Last revised: 09/05/2010
Source: #sicp
Overview
progscrape changeset 42a310936c21c8896dd12b7bf2d9b0df2b07aa1c, as distributed on github.com starting on 9/5/10, contains an externally introduced modification (Trojan Horse) in the recently added threading code which allows remote attackers to execute arbitrary commands.
Description
Changesets 2e404d09524324d9433b9e560c95a40d7686349e and earlier are not affected.
Impact
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5
Impact Subscore: 6.4
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
References
External Source: MrVacBob
Hyperlink: http://twitter.com/mrvacbob/status/23031573891
External Source: Confirm
Hyperlink: http://twitter.com/Cairnarvon/status/22961802948