Gnome.org Compromised?
Garden GNOME writes "The GNOME sysadmin team has just announced that the main GNOME web server has probably been intruded into, leading to the shutdown of the GNOME website (including bugzilla.gnome.org, art.gnome.org and developer.gnome.org). The GNOME mailing lists and CVS servers seem to be up, though the FTP server was immediately taken down as a precautionary measure (released sources are believed to be intact). This is bad, because GNOME 2.6 was supposed to be released tomorrow. Let's hope it is a false alarm."
We've discovered evidence of an intrusion on the server
hosting www.gnome.org and other gnome.org websites.
At the present time, we think that the released gnome
sources and the gnome source code repository are unaffected.
We are investigating further and will provide updates
as we know more. We hope to have the essential services
hosted on the affected machine up and running again as soon
as possible.
The GNOME sysadmin team
23 March 2003
must.. resist.. temptation to moderate...
I wonder if they are running a Debian based or Debian itself, and Debian has another hole in it.
Funny. Too bad that was just a regular kernel hole, not one special to Debian's kernel. Any other distros can simply count themselves lucky the attackers didn't choose them.
The Gnome team didn't mix all the web sites (where user custom shell scripts are always a risk) with the cvs box.
More info will appear as the forensics are done.
But to emphasize: cvs.gnome.org is a separate system.
The script used to upload files to the master FTP site also mailed MD5 sums to a mailing list hosted on another machine. That script doesn't appear to have been altered (to insert a backdoor, the script would need to repack the tarballs with an exploit on the fly), so the MD5 sums from that mailing list should be reliable.
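The check this comment describes, comparing what the FTP tree holds against sums recorded on a different machine at upload time, sketched as an added example (not part of the original thread and not GNOME's own tooling). It assumes the archived mail carries `md5sum`-style lines; the function names and sample file names are hypothetical.

```python
import hashlib, re, tempfile
from pathlib import Path

# md5sum-style line: 32 hex digits, whitespace, optional '*', file name
SUM_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+\*?(\S+)$")

def parse_announced_sums(mail_text):
    """Extract {file name: md5} from an archived upload notification."""
    sums = {}
    for line in mail_text.splitlines():
        m = SUM_LINE.match(line.strip())
        if m:  # use the base name only, so a path in the mail cannot leave the tree
            sums[Path(m.group(2)).name] = m.group(1).lower()
    return sums

def md5_of(path, chunk=1 << 16):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit(ftp_dir, announced):
    """Return {file name: OK | MISMATCH | MISSING | UNANNOUNCED}."""
    on_disk = {p.name: p for p in Path(ftp_dir).iterdir() if p.is_file()}
    report = {n: "UNANNOUNCED" for n in on_disk.keys() - announced.keys()}
    for name, expected in announced.items():
        if name not in on_disk:
            report[name] = "MISSING"
        else:
            report[name] = "OK" if md5_of(on_disk[name]) == expected else "MISMATCH"
    return report

def demo():
    # Constructed sample data: file names and contents are made up.
    md5 = lambda b: hashlib.md5(b).hexdigest()
    mail = (f"Subject: upload notification\n\n"
            f"{md5(b'release')}  foo-2.6.0.tar.gz\n"
            f"{md5(b'original')}  bar-2.6.0.tar.gz\n"
            f"{md5(b'gone')}  baz-2.6.0.tar.gz\n")
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("foo-2.6.0.tar.gz", b"release"), ("bar-2.6.0.tar.gz", b"tampered"),
                           ("extra.tar.gz", b"unlisted")]:
            (Path(d) / name).write_bytes(data)
        return audit(d, parse_announced_sums(mail))

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:12} {name}")
```

The UNANNOUNCED status matters as much as MISMATCH: a file that was never mailed to the list has no independent record at all and cannot be vouched for by this check.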
As far as I know, that only applies to security breaches that lead to a leak of personal information. Even then, if disclosure would impede any form of investigation, people did not have to say anything at all.
So technically, even if it DID happen, people can dance around it all they want.
It's also on a separate switched port 8)
I was just reading Unix Unleashed and they claimed that when a vulnerability in some sort of TCP/IP stack code that everyone used was discovered a while ago, the Linux community took less than 3 hrs. to release a working patch.
I do know. I think I may even have been the first person to post a good explanation of how to sniff switched networks to bugtraq in fact 8)
There was ARP monitoring stuff running too.