Linux distributor Debian reported Friday afternoon that some of its servers have been compromised since Thursday. The alert, posted to several security and Linux mailing lists, stresses that its archive had not been hacked, sparing thousands of installations a potential security nightmare.
Debian said its bug-tracking system (master), mailing lists (Murphy), Web and CVS servers (gluck) and its security and search servers (klecker) have been affected and are currently not available, or have been moved to debian.org.
"We have decided to move only the main Web server to a different machine and work on reinstalling the machines instead of wasting time on moving services," said Debian developer Martin Schulze. "The list service and the security archive service will probably be among the first being up again. [But only] after the [respective] machines are reinstalled and services re-integrated. I'm unable to predict a date [when]."
The attack was discovered on Thursday and Schulze said Debian is waiting for an evaluation of forensic evidence before it reveals the type of attack and whether it exploited a known or unknown vulnerability.
"We discovered strange behavior on one server on Thursday and took it down for maintenance since we thought it was a result of potential severe hardware problem that we needed to inspect," Schulze said. "After more investigation involving a different kernel, we noticed other problems and soon found out the real problem."
The security breach, the distributor's first according to Schulze, has also pushed back the latest point release for Debian GNU/Linux 3.0r2. The release was scheduled for Friday morning, but has been postponed. Debian said the update was not affected by the compromise.
"We apologize for the disruptions of some services over the next few days. We are working on restoring the services and verifying the content of our archives," Debian said in a statement.