Advertisement
Home arrow ITsec News arrow Debian.org hacked - UPDATE
Friday, 05 September 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  7154  66.99%
Win 2003  3088  28.91%
FreeBSD  225  2.11%
Win 2000  128  1.20%
SolarisSunOS  37  0.35%
Other  48  0.45%

Total attacks: 10680 of which 2638 single ip and 8042 mass defacements

Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
Visitors' Map
Debian.org hacked - UPDATE PDF Print E-mail
User Rating: / 16
PoorBest 
Thursday, 13 July 2006

debian-splashAn announcement was made today at Debian.org that gluck, one of several major Debian Project development computers had been compromised.

Details are sketchy but it appears that it may have been hosting the following services / repositories cvs, ddtp, lintian, people, popcon, planet, ports and release. They state they have taken the affected machine offline, as well as restricted access to other boxes on their domain pending investigation.

 ... a wolf in sheeps clothing? 

Updated - Click Read More 

 

Zone-h will be the first to speculate that the new Linux Kernel 0day exploit for PRCTL vulnerability might be responsible for this. Kernels affected by the exploit are for versions 2.6.13 through 2.6.17.4 [ as stated on one known public version of the exploit ]. The 0day is a local  privilege escalation exploit that allows a non privileged, but authenticated user to that of root.

This sounds like the most realistic and logical explanation given the fact that the machine compromised was used for development and had many contributing users with access, but with restricted privileges, to the system.

UPDATE

 Zone-h was correct in it's theory that the new Linux Kernel exploit was to blame for the recent attack. Debian.org states "At least one developer account has been compromised a while ago and has been used by an attacker to gain access to the Debian server. A recently discovered local root vulnerability in the Linux kernel has then been used to gain root access to the machine."

 

Full details have been posted by Debian.org


Comments Index (Total Messages: 10)
Amazed Written by Guest on 2006-07-13 04:21:38
Re: Amazed Written by eve on 2006-07-13 10:07:10
Re: Re: Amazed Written by Guest on 2006-07-13 23:36:27
huh? Written by Guest on 2006-07-13 13:32:32
Re: huh? Written by Guest on 2006-07-13 16:32:16
Re: Re: huh? Written by Guest on 2006-07-13 18:19:13
Re: Re: huh? Written by Guest on 2006-07-13 21:14:24
Re: Amazed Written by Guest on 2006-07-14 05:11:25
Re: Amazed Written by Guest on 2006-07-14 11:33:56
Re: Re: Amazed Written by Guest on 2006-07-14 16:59:58

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
Advertisement
 
Top!
© 2008 Zone-H.org
Joomla! is Free Software released under the GNU/GPL License.
 Top!