Hi all,
On Sunday, PHP programming language developer and maintainer Nikita Popov said that two malicious commits were added to the php-src repository in both his and the name of PHP creator Rasmus Lerdorf.
The malicious commits, which appeared to be signed off under the names of Popov and Lerdorf (1,2), were masked as simple typographical errors that needed to be resolved. The code appears to be designed to implant a backdoor and create a scenario in which remote code execution (RCE) may be possible. Popov said the development team is unsure exactly how the attack occurred, but clues indicate that the official git.php.net server was likely compromised rather than individual Git accounts.
Following this incident, PHP maintainers have decided to migrate the official PHP source code repository to GitHub as a precaution.
On Sunday, PHP programming language developer and maintainer Nikita Popov said that two malicious commits were added to the php-src repository in both his and the name of PHP creator Rasmus Lerdorf.
The malicious commits, which appeared to be signed off under the names of Popov and Lerdorf (1,2), were masked as simple typographical errors that needed to be resolved. The code appears to be designed to implant a backdoor and create a scenario in which remote code execution (RCE) may be possible. Popov said the development team is unsure exactly how the attack occurred, but clues indicate that the official git.php.net server was likely compromised rather than individual Git accounts.
Following this incident, PHP maintainers have decided to migrate the official PHP source code repository to GitHub as a precaution.