Date: Tue, 2 Jan 2001 23:18:15 -0800 (PST) From: Slackware Linux Project <press@slackware.com> To: slackware-announce@slackware.com Subject: [slackware-announce] www.slackware.com compromised www.slackware.com compromised On December 25, 2000, the machine that runs the www.slackware.com web site was compromised by an unknown cracker. The compromised machine was quickly noticed and all services were shutdown. We have audited the machine and restored from backup files. After auditing the machine, we discovered a year old version of imapd on the machine. It was also determined that the version of imapd on the system had some known holes that were both fixed by the maintainers of imapd (the one that ships with Pine) and was fixed in Slackware. An explanation of the imapd problem can be found on the Security Focus web site: http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D55450 This is when we updated the imapd package: http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2000&m=slackware-security.261387 We neglected to check this machine and upgrade the package on it, and apologize for the resulting downtime. Now back to our regularly scheduled programming. -- The Slackware Linux Project http://www.slackware.com/