
Debian server compromise

Last Wednesday it was discovered that gluck.debian.org had been compromised. Several Debian services, hosted on gluck, were unavailable while that machine was taken offline for examination and reinstall. Other debian.org machines were also locked down until the vulnerability could be found and fixed.

Gluck and other machines were restored to service by the following day. A local root vulnerability in the Linux kernel was used to gain root access through a compromised developer account.

This issue exists in Linux kernels from 2.6.13 up to 2.6.17.3, and in 2.6.16 up to 2.6.16.23. Debian Sarge uses Linux kernel 2.6.8 and is not affected.
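A first-pass triage check for the version ranges given above, written for this page and not part of the LWN article or any Debian tooling. It reads "up to X" as including X (an assumption), and checks the 2.6.16.y stable series on its own because stable patch levels do not sort sensibly against 2.6.17.x; a distribution kernel may carry backported fixes that uname does not reveal, so a hit means "consult the vendor advisory", not "confirmed vulnerable".

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

# Ranges as stated in the article. "up to X" is read as inclusive of X
# (an assumption made for this example). The 2.6.16.y stable branch is
# checked separately because its patch levels do not sort against 2.6.17.x.
MAINLINE_LO: Version = (2, 6, 13)
MAINLINE_HI: Version = (2, 6, 17, 3)
STABLE_2616_HI_PATCH = 23


def parse_kernel_version(release: str) -> Optional[Version]:
    """Take the leading dotted numeric part of a `uname -r` string.

    '2.6.16.22-xyz' -> (2, 6, 16, 22); '2.4.27-2-386' -> (2, 4, 27).
    Returns None if the string does not start with a version number.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", release)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def _pad(v: Version, width: int) -> Version:
    # (2, 6, 13) compares as (2, 6, 13, 0) against four-part versions
    return v + (0,) * (width - len(v))


def is_affected(release: str) -> bool:
    """True if the upstream version in `release` falls in a listed range."""
    v = parse_kernel_version(release)
    if v is None:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    if v[:3] == (2, 6, 16):
        patch = v[3] if len(v) > 3 else 0
        return patch <= STABLE_2616_HI_PATCH
    width = max(len(v), len(MAINLINE_HI))
    return _pad(MAINLINE_LO, width) <= _pad(v, width) <= _pad(MAINLINE_HI, width)


if __name__ == "__main__":
    import platform
    # Distribution kernels often carry backported fixes that uname does not
    # show, so treat a hit as a prompt to check the vendor's advisory.
    rel = platform.release()
    print(rel, "in an affected range" if is_affected(rel) else "not in the listed ranges")
```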



Debian server compromise

Posted Jul 20, 2006 13:38 UTC (Thu) by freeio (guest, #9622)

"This issue exists in Linux kernels from 2.6.13 and up to 2.6.17.3, or in 2.6.16 up to 2.6.16.23. Debian Sarge uses Linux kernel 2.6.8 and is not affected."

I just did a fresh install of Debian Sarge from the network install CDROM, and what I got does not look like 2.6.8. Look here:

tiny:/proc# cat version
Linux version 2.4.27-2-386 (horms@tabatha.lab.ultramonkey.org) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 Wed Aug 17 09:33:35 UTC 2005

Debian server compromise

Posted Jul 20, 2006 14:20 UTC (Thu) by cjwatson (subscriber, #7322)

Sarge offers both 2.4 and 2.6 options; booting with 'linux26' at the installer's boot prompt will install 2.6.

Debian server compromise

Posted Jul 25, 2006 13:52 UTC (Tue) by madscientist (subscriber, #16861)

The thing that makes me wonder is that gluck and other critical Debian servers must not be running Debian "stable", since that is not vulnerable. It seems strange to me that the basic Debian infrastructure can't get by with "stable"... I wonder what's the reason for running unstable releases on these very important servers?

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds