NewsForge: PostNuke Open Source CMS Attacked

“This morning the developers of the free software content
management system PostNuke posted a security announcement saying
that a vulnerability in the paFileDB download management software
allowed an attacker to put up a hacked version of PostNuke for
download. That version was live on the PostNuke download site
between Sunday at 23:50 GMT and Tuesday at 08:30 GMT. Proprietary
software zealots are always saying that open source programs are
likely to contain backdoors, but is this situation truly what they
mean when they say that?

“Everyone who downloaded the .ZIP archive of the PostNuke .750
software from downloads.postnuke.com between Sunday and Tuesday
should re-download the software and check it against off-site MD5s,
according to PostNuke’s security officer…”