[H-GEN] [Fwd: [SECURITY] Some Debian Project machines have been compromised]
Bruce Campbell
bc at humbug.org.au
Tue Dec 2 06:02:19 EST 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
On Tue, 25 Nov 2003, Stuart Longland wrote:
> Sarah Hollings wrote:
> > I think they have a few boxen down - cant get to lists.debian.org right
> > now.
> Explains the bounce message I had when sending to
> debian-mips at lists.debian.org. Hopefully they'll get back on the road again.
>
> There's been a few breakin attempts lately ... I think we'll need to
> keep a close lookout ;-)
As seen starting to be emitted from the various CERTs (this from JANET):
---
In particular importance for any sites running multiuser Linux boxes. A
kernel exploit has been identified which can be used by a local userland
process to gain access to the full kernel address space. It was this
exploit which was used last month to compromise the Debian servers.
Kernel versions before 2.4.23 are vulnerable.
A number of Linux distributions have released updating kernels to fix
this bug. They include:
http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:110
http://rhn.redhat.com/errata/RHSA-2003-392.html
Exploits are apparently available. JANET-CERT would be interested to
hear from any sites who believe they have machine compromised using this
exploit.
---
As always, verify any information that you receive for yourself.
--==--
Bruce.
_______________________________________________
General mailing list
General at lists.humbug.org.au
http://lists.humbug.org.au/cgi-bin/mailman/listinfo/general
More information about the General
mailing list