Thursday, July 13, 2006

Core Debian server compromised

Kelly Martin writes on SecurityFocus:

A core server of the popular Debian GNU/Linux distribution was compromised recently, prompting swift response from the developer team.

A mailing list post alerted users about the compromise, which affected a number of services available to developers. A followup message on debian.org indicated the compromised server has already been restored, and that a local root vulnerability in the Linux kernel was used from a compromised developer's account. The local exploit, BID 18874 (CVE-2006-2451), allows a local user to cause a DoS (denial of service) and gain privilege escalation to root.

The report indicated that even with root access, the attacker was not able to reach restricted Debian servers containing its regular and security archives. In response to the server compromise, a password audit performed by the Debian team has apparently revealed various developer accounts with weak passwords (without public key authentication) that have since been locked.

More here.
