[Tfug] More on Debian security breach
Angus Scott-Fleming
angussf at geoapps.com
Fri Nov 28 10:15:33 MST 2003
------- Included Stuff Follows -------
More Info on Debian.org Security Breach
Posted by michael on 22:19 Thursday 27 November 2003
from the inspector-clouseau dept.
mbanck writes "James Troup (part of the Debian System
administration team) has published more information on
the recent compromise of four debian.org machines. The
attack vector seemed to be a sniffed password of an
unprivileged account, from which the attacker somehow
managed to gain root and install the suckit rootkit and
crack the other machines. As the machines were fairly
uptodate with respect to security, an as-of-yet unknown
local root exploit might be in the wild, so keep an eye
on your boxen. Note that the main ftp archive running on
a sparc machine was not compromised, so the exploit
might not yet be ported to non-i386 architectures."
--------- Included Stuff Ends ---------
http://slashdot.org/article.pl?sid=03/11/28/050232
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038 / fax 1-208-248-3124
+-----------------------------------+
More information about the tfug
mailing list