
Update on compromised Debian machines

From:  Wichert Akkerman <wichert-AT-wiggy.net>
To:  debian-devel-announce-AT-lists.debian.org
Subject:  Update on compromised Debian machines
Date:  Fri, 21 Nov 2003 17:47:31 +0100

After a long day and night we are getting a reasonable overview of
what happened to the various Debian servers and what we need to do
to get everything up and running again. This mail has an overview
of the current status and what will happen in the next few days.

Let's start with the current status: four machines (gluck, klecker, master
and murphy) are known to be compromised. All services on those machines
have been shut down or moved to different machines so we can take
the necessary time to determine what happened and restore the machines.
Shell access to quantz (which hosts alioth, arch and svn.debian.org) has
also been shut down for the moment as a preventive measure.

All accounts have been locked as a safety precaution. If you have or had
access to a Debian machine and were using the same password on other
machines you are strongly advised to change it as soon as possible. 
When the cleanup is done all passwords will be invalidated and accounts
unlocked and people can request a new password through the email robot
on db.debian.org .

We expect to need until Wednesday and ask for your patience until then.
Afterwards when we have all the facts we will explain what exactly happened
and how we hope to prevent this from happening again in the future.

Wichert.

-- 
Wichert Akkerman <wichert@wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.




Update on compromised Debian machines

Posted Nov 25, 2003 22:32 UTC (Tue) by ballombe (subscriber, #9523) [Link]

As the date (Fri, 21 Nov 2003 17:47:31 +0100) shows, this document is outdated.

The current version is available at http://www.wiggy.net/debian/status and is dated Tue, 25 Nov 2003 13:53:07 UTC.

This is due to bad timing: Wichert sent the email after the Debian server handling the debian-devel-announce mailing list was shut down for reinstallation. So the email was queued and got delivered only today, when the server is back in service.

Update on compromised Debian machines

Posted Nov 26, 2003 1:21 UTC (Wed) by proski (subscriber, #104) [Link]

There have been no updates in Debian unstable in the last days (http.us.debian.org). apt-get cannot connect to people.debian.org (I'm using unofficial XFree86 4.3.0 packages from it).

I tried the reverse DNS lookup and it appears that people.debian.org is gluck, which explains why it's down. Lack of updates can probably be explained by the fact that the developers' accounts are locked.

Update on compromised Debian machines

Posted Nov 26, 2003 10:22 UTC (Wed) by stuart (subscriber, #623) [Link]

Indeed....as the previous poster's link indicates.

Stu.

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds