Debian servers hacked, archive safe

Article

Debian servers hacked, archive safe

Michael S. Mimoso, SearchEnterpriseLinux.com News Editor

Linux distributor Debian reported Friday afternoon that some of its servers have been compromised since Thursday. The alert, posted to several security and Linux mailing lists, stresses that its

    Requires Free Membership to View

    Login

    When you register, my team of editors will also send you resources covering Linux administration and management; integration and interoperability between Linux, Windows and Unix; securing Linux and mixed-platform environments; and migrating to Linux.

    Cathleen A. Gagne, Senior Editorial Director

    By submitting your registration information to SearchEnterpriseLinux.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseLinux.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

archive had not been hacked, sparing thousands of installations a potential security nightmare.

Debian said its bug-tracking system (master), mailing lists (Murphy), Web and CVS servers (gluck) and its security and search servers (klecker) have been affected and are currently not available, or have been moved to debian.org.

"We have decided to move only the main Web server to a different machine and work on reinstalling the machines instead of wasting time on moving services," said Debian developer Martin Schulze. "The list service and the security archive service will probably be among the first being up again. [But only] after the [respective] machines are reinstalled and services re-integrated. I'm unable to predict a date [when]."

The attack was discovered on Thursday and Schulze said Debian is waiting for an evaluation of forensic evidence before it reveals the type of attack and whether it exploited a known or unknown vulnerability.

"We discovered strange behavior on one server on Thursday and took it down for maintenance since we thought it was a result of potential severe hardware problem that we needed to inspect," Schulze said. "After more investigation involving a different kernel, we noticed other problems and soon found out the real problem."

The security breach, the distributor's first according to Schulze, has also pushed back the latest point release for Debian GNU/Linux 3.0r2. The release was scheduled for Friday morning, but has been postponed. Debian said the update was not affected by the compromise.

"We apologize for the disruptions of some services over the next few days. We are working on restoring the services and verifying the content of our archives," Debian said in a statement.