Slashdot Mirror


Gnome.org Compromised?

Garden GNOME writes "The GNOME sysadmin team has just announced that the main GNOME web server has probably been intruded into, leading to the shutdown of the GNOME website (including bugzilla.gnome.org, art.gnome.org and developer.gnome.org). The GNOME mailing lists and CVS servers seem to be up, though the FTP server was immediately taken down as a precautionary measure (released sources are believed to be intact). This is bad, because GNOME 2.6 was supposed to be released tomorrow. Let's hope it is a false alarm."

4 of 512 comments

  1. text copy by Anonymous Coward · · Score: 5, Informative

    We've discovered evidence of an intrusion on the server
    hosting www.gnome.org and other gnome.org websites.
    At the present time, we think that the released gnome
    sources and the gnome source code repository are unaffected.

    We are investigating further and will provide updates
    as we know more. We hope to have the essential services
    hosted on the affected machine up and running again as soon
    as possible.

    The GNOME sysadmin team
    23 March 2003

  2. Re:Another Debian Hole? by eloki · · Score: 5, Informative

    must.. resist.. temptation to moderate...

    I wonder if they are running a Debian based or Debian itself, and Debian has another hole in it.

    Funny. Too bad that was just a regular kernel hole, not one special to Debian's kernel. Any other distros can simply count themselves lucky the attackers didn't choose them.

  3. Re:More info by Alan+Cox · · Score: 5, Informative

    More info will appear as the forensics are done.

    But to emphasize: cvs.gnome.org is a separate system.

  4. Re:CRC by JamesHenstridge · · Score: 4, Informative

    The script used to upload files to the master FTP site also mailed MD5 sums to a mailing list hosted on another machine. That script doesn't appear to have been altered (to insert a backdoor, the script would need to repack the tarballs with an exploit on the fly), so the MD5 sums from that mailing list should be reliable.
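
The check described in comment 4, comparing files on the affected server against checksums that were mailed to a separate machine, sketched as an added example (not code from the thread or from GNOME's upload script). It assumes the mailed sums use the `md5sum` line format, also accepts SHA-256-length digests, and all file names and contents are constructed.

```python
import hashlib, hmac, os, re, tempfile

ALGOS = {32: "md5", 64: "sha256"}  # hex digest length -> hashlib name
LINE = re.compile(r"^([0-9a-fA-F]{32}|[0-9a-fA-F]{64}) [ *](.+)$")

def parse_sums(text):
    """Extract md5sum/sha256sum-style lines from a mail body, ignoring the rest."""
    sums = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            # Keep the basename only so a list entry cannot point outside the directory.
            sums[os.path.basename(m.group(2))] = m.group(1).lower()
    return sums

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_dir(directory, sums):
    """Map each file name to 'ok', 'MISMATCH', 'missing' or 'unlisted'."""
    report = {}
    for name, expected in sums.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            report[name] = "missing"
            continue
        actual = file_digest(path, ALGOS[len(expected)])
        report[name] = "ok" if hmac.compare_digest(actual, expected) else "MISMATCH"
    for name in os.listdir(directory):
        report.setdefault(name, "unlisted")  # present on the server, never announced
    return report

def demo():
    """Constructed sample: three announced tarballs; one altered, one gone, one extra."""
    released = {"libfoo-1.0.tar.gz": b"foo release", "libbar-2.0.tar.gz": b"bar release",
                "libbaz-0.3.tar.gz": b"baz release"}
    mail = "New uploads:\n" + "\n".join(
        f"{hashlib.md5(data).hexdigest()}  {name}" for name, data in released.items())
    on_disk = {"libfoo-1.0.tar.gz": b"foo release", "libbar-2.0.tar.gz": b"bar, altered",
               "libqux-9.9.tar.gz": b"never announced"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in on_disk.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return verify_dir(d, parse_sums(mail))
```

The result is only as trustworthy as the copy of the checksum list, which is why it matters that the list lived on a different machine from the one being checked.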