More Info on Debian.org Security Breach

Posted by michael on Thursday November 27, 2003 @05:19PM from the inspector-clouseau dept.

mbanck writes "James Troup (part of the Debian System administration team) has published more information on the recent compromise of four debian.org machines. The attack vector seemed to be a sniffed password of an unprivileged account, from which the attacker somehow managed to gain root and install the suckit rootkit and crack the other machines. As the machines were fairly uptodate with respect to security, an as-of-yet unknown local root exploit might be in the wild, so keep an eye on your boxen.Note that the main ftp archive running on a sparc machine was not compromised, so the exploit might not yet be ported to non-i386 architectures."

3 of 545 comments (clear)

Min score:

Reason:

Sort:

SELinux by Anonymous Coward · 2003-11-27 18:00 · Score: 1, Redundant

SELinux would likely have prevented the root exploit from allowing this individual from doing as much harm as was done. I think that it's time for the big names like Debian, Slackware, Red Hat etc to start implementing it on their network connected machines. It's being incorporated into the stock kernel for a reason. Use it!
Re:Boxen.. by Qrlx · 2003-11-27 18:01 · Score: 1, Redundant

I thought Debian was the plural. In singular form it's Debius.
Debian.org Security Breach by t0ny · 2003-11-27 18:52 · Score: 0, Redundant

Makes me glad my network is running Windows!

--
Manipulate the moderator system! Mod someone as "overrated" today.