This gem is particularly interesting because it happened on Gentoo's own servers. It therefore combines the transparency into an incident that only an open source project can offer with the importance and resources of a large one. As a result we have a detailed report about the vulnerability, the exploit attempts, and even people shouting at each other during the patching process.
What can we learn from this? That no server is secure, and that patching is hard.
Additional information:
- Bugzilla Bug 187971 - Gentoo Website Command Injection Issue [Gentoo, Aug 7 2007]
- Analysis and Timeline of the Nuthatch exploitation attempts [Gentoo, ]
- Log of all usages of the exploit [Gentoo, ]
- Gentoo cuts key parts of itself from net for its own good [The Register, Aug 17 2007]
