“The intruders originally gained easy access via FTP, discovered
a plethora of world-writable directories (tsk, tsk), and installed
a simple BIND shell which they could execute remotely via Telnet
and from which they learned what services were running and the
contents of most directories.”
“Apache.org was running the BugZilla bug-tracking software,
which requires a Mysql account. They found Mysql available locally
and running as user root, though the BugZilla documentation warns
against running Mysql as root.”
“The intruders, who go by the aliases {} and
Hardbeat, showed a bit of purist pride. “We didn’t wanted [sic] to
use any buffer overflow or some lame exploit; [our] goal was to
reach root with only configuration faults,” they
explained.”