On CBS MoneyWatch: 5 Things You Should Buy at Walmart
BNET Business Network:
BNET
TechRepublic
ZDNet
65 TalkBacks

By Patrick Gray
Posted on ZDNet News: Dec 4, 2003 2:20:00 PM

Hackers have forced the Gentoo Linux project to take a server offline

The attack and subsequent compromise comes after several machines belonging to the Debian Linux project were breached by attackers last month. A forensic analysis of the Debian machines revealed that no software packages or source code offered for download were affected--a claim now being made by Gentoo.


Get Up to Speed on...
Open source
Get the latest headlines and
company-specific news in our
expanded GUTS section.

The maintainers of the Gentoo Linux distribution released a statement that describes the incident: "One of the servers that makes up the rsync.gentoo.org rotation was compromised via a remote exploit," it reads. "The compromised system had both an IDS and a file integrity checker installed and...we are reasonably confident that the portage tree stored on that box was unaffected."

The Gentoo team claimed that the breach was detected within approximately 1 hour.

"During this time, approximately 20 users synchronized against the portage mirror stored on this box. The method used to gain access to the box remotely is still under investigation. We will release more details once we have ascertained the cause of the remote exploit," the statement said.

The machine didn't actually belong to the project. It was donated by a sponsor, whose identity so far undisclosed.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

The Debian project servers were compromised by a previously unknown local vulnerability in the Linux kernel which has since been identified and rectified by a patch.

Patrick Gray of ZDNet Australia reported from Sydney.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 65 Talkback(s)
It was an evil M$ spell
LINUX is untouchable, this is MICRO$OFT fault. It may have release an evil spell on the server, Linux has no bugs, it is bill gates fault...... (Read the rest)
Posted by: theraven_z Posted on: 06/27/05 You are currently: a Guest | | Terms of Use
Hacked Linux?  Octol | 12/04/03
Nothing like a little schadenfreude...  frgough@... | 12/04/03
What's the matter?  John Dulles | 12/04/03
what medicine?  ryusen | 12/04/03
Hmmm . . . SCO maybe ?  meveridge_z | 12/06/03
pst  stephen732@... | 12/04/03
It was the "admin's" fault...  GRindinAxTaRupy | 12/04/03
Unknown my foot  John Dulles | 12/04/03
puma ignoramus  nikoli | 12/04/03
Did you smoke ...  dopeshow | 12/04/03
Re: Hacked Linux?  Martin Marvinski | 12/04/03
reputable linux user?  nikoli | 12/04/03
really?  ryusen | 12/04/03
sorry  engel000 | 12/05/03
Hacked Linux? Yes  Clete2 | 12/09/03
oops  Clete2 | 12/09/03
It was an evil M$ spell  theraven_z | 06/27/05
The bigger the target...  No_Ax_to_Grind | 12/04/03
Then why isn't apache hacked...  GRindinAxTaRupy | 12/04/03
Uh huh...  No_Ax_to_Grind | 12/04/03
m$ #1  stephen732@... | 12/04/03
Gentoo runs Windows????  No_Ax_to_Grind | 12/04/03
Then what...  GRindinAxTaRupy | 12/04/03
You certainly are something "GRindinAxTaRupy"  toadlife | 12/04/03
Yes, Linux has vunerabilities.  nucrash | 12/04/03
Re: Yes, Linux has vunerabilities.  Martin Marvinski | 12/04/03
Missed the point of that post  GRindinAxTaRupy | 12/04/03
That doesn't surprise anyone...  No_Ax_to_Grind | 12/04/03
Gee Bit..thought condescending snotty replies...  GRindinAxTaRupy | 12/04/03
For my coat tail riders I make an exception.  No_Ax_to_Grind | 12/04/03
No credible argument?  toadlife | 12/04/03
How many bugs in IIS  jasonp@... | 12/04/03
What a sad excuse.  dopeshow | 12/04/03
As i said before:  ryusen | 12/04/03
Yes!  John Le'Brecage | 12/04/03
Correction...  John Le'Brecage | 12/04/03
Had to be the Administrator, its not an OS issue  FilledOut | 12/04/03
More than likely..  vdraken | 12/04/03
Yes, it is the rsync!  dopeshow | 12/04/03
Never had a need to.  vdraken | 12/04/03
Linux being hacked  crocd | 12/04/03
Because they can.  vdraken | 12/04/03
usually though,  ryusen | 12/04/03
It's because  John Dulles | 12/04/03
Yes indeed...  No_Ax_to_Grind | 12/04/03
Yes indeed  GRindinAxTaRupy | 12/04/03
Not sure of the #'s  Suicida| | 12/07/03
cheap thrill  crocd | 12/04/03
Vulnerable Linux vs. Multi-Billion $$$ MS Antics  michael-t | 12/04/03
Don't blame us, the other guy is worse?  No_Ax_to_Grind | 12/04/03
don't usually agree with you but...  nikoli | 12/04/03
Correction Needed?  michael-t | 12/04/03
Best Practice = Best Answer  michael-t | 12/04/03
compromised to a LESSER degree than Linux...  toadlife | 12/04/03
*BSD is Unix  michael-t | 12/04/03
Rearrange  Yagotta B. Kidding | 12/04/03
It is impossible  michael-t | 12/04/03
Nitpick all you want but  toadlife | 12/04/03
Unix vs *BSD vs Linux  michael-t | 12/04/03
Be fair  Rokstar83 | 12/05/03
The Ultimate Security Tool  nucrash | 12/04/03
Interesting Point  michael-t | 12/04/03
So is OS X Server now the only....  mlindl | 12/05/03
michael-t  noShut_z | 12/05/03
Thanks  michael-t | 12/05/03

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here