Hi How worried should I be? Do you think it is OK to wait for an official Debian packaged kernel or should I download some tonight from kernel.org and compile myself?
/Gudjon > > > ---------- Missatge transmès ---------- > > Subject: Debian Server restored after Compromise > Date: Dijous 13 Juliol 2006 19:54 > From: Martin Schulze <[EMAIL PROTECTED]> > To: Debian News Channel <[email protected]> > > ------------------------------------------------------------------------ > The Debian Project http://www.debian.org/ > Debian Server restored after Compromise [EMAIL PROTECTED] > July 13th, 2006 http://www.debian.org/News/2005/20060713 > ------------------------------------------------------------------------ > > Debian Server restored after Compromise > > One core Debian server has been reinstalled after a compromise and > services have been restored. On July 12th the host gluck.debian.org > has been compromised using a local root vulnerability in the Linux > kernel. The intruder had access to the server using a compromised > developer account. > > The services affected and temporarily taken down are: cvs, ddtp, > lintian, people, popcon, planet, ports, release. > > > Details > ------- > > At least one developer account has been compromised a while ago and > has been used by an attacker to gain access to the Debian server. A > recently discovered local root vulnerability in the Linux kernel has > then been used to gain root access to the machine. > > At 02:43 UTC on July 12th suspicious mails were received and alarmed > the Debian admins. The following investigation turned out that a > developer account was compromised and that a local kernel > vulnerability has been exploited to gain root access. > > At 04:30 UTC on July 12th gluck has been taken offline and booted off > trusted media. Other Debian servers have been locked down for further > investigation whether they were compromised as well. They will be > upgraded to a corrected kernel before they will be unlocked. > > Due to the short window between exploiting the kernel and Debian > admins noticing, the attacker hadn't had time/inclination to cause > much damage. The only obviously compromised binary was /bin/ping. > > The compromised account did not have access to any of the restricted > Debian hosts. Hence, neither the regular nor the security archive had > a chance to be compromised. > > An investigation of developer passwords revealed a number of weak > passwords whose accounts have been locked in response. > > The machine status is here: <http://db.debian.org/machines.cgi> > > > Kernel vulnerability > -------------------- > > The kernel vulnerability that has been used for this compromise is > referenced as CVE-2006-2451. It only exists in the Linux kernel > 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24. > The bug allows a local user to gain root privileges via the > PR_SET_DUMPABLE argument of the prctl function and a program that > causes a core dump file to be created in a directory for which the > user does not have permissions. > > The current stable release, Debian GNU/Linux 3.1 alias 'sarge', > contains Linux 2.6.8 and is thus not affected by this problem. The > compromised server ran Linux 2.6.16.18. > > If you run Linux 2.6.13 up to versions before 2.6.17.4, or Linux > 2.6.16 up to versions before 2.6.16.24, please update your kernel > immediately. > > > About Debian > ------------ > > Debian GNU/Linux is a free operating system, developed by more than > thousand volunteers from all over the world who collaborate via the > Internet. Debian's dedication to Free Software, its non-profit nature, > and its open development model make it unique among GNU/Linux > distributions. > > The Debian project's key strengths are its volunteer base, its dedication > to the Debian Social Contract, and its commitment to provide the best > operating system possible. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > ------------------------------------------------------- > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
