Debian server hacked

The Debian GNU/Linux project today admitted a hacker had compromised one of its internal servers.

"Early this morning we discovered that someone had managed to compromise gluck.debian.org," Debian developer James Troup wrote in an e-mail to the Debian community shortly before 4am AEST.

"We've taken the machine offline and are preparing to reinstall it," Troup continued, noting a number of key services were currently offline as a result.

The developer said Debian had initiated a security lock-down on most of its other servers, enforcing limited access to the resources.

"We're still investigating exactly what happened and the extent of the damage. We'll post more info as soon as we reasonably can," Troup said.

Troup added Debian would commence securing its other servers from "what we suspect is the exploit used to compromise gluck".

The embarrassing security breach is not the first for Debian.

In November 2003 several of Debian's servers were similarly compromised and pulled offline. Troup was also one of the key developers investigating that incident.

ZDNet Australia has requested comment from the Debian Project about this morning's security breach.


Talkback 10 comments

    Well... asa -- 14/07/06 (in reply to #120137963)

    2003 was the year of the last known attack on Debian?... Now it is 2006... almost 3 years... To me this sounds OK. No system is perfect... Also, how many times do we hear others disclosing that they have been hacked and the steps they took to fix it?
    To me this speaks well of Debian.

    Well... Renai LeMay -- 20/07/06 (in reply to #120137964)

    Hi Asa,

    of course, nobody's saying that Debian is not pretty secure! I've used it myself in various forms for many years. I also use every other operating system, of course.

    I agree that Debian did a good job disclosing this as soon as possible.

    Cheers,

    Renai

    Ubuntu users vulnerable? Chris Jackson -- 14/07/06

    What does this mean for all the Debian variants out there?

    Fixes for ubuntu are available Anonymous -- 19/07/06 (in reply to #120137983)

    If you look for information about CVE-2006-2451
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2451

    You'll see that there are fixes for Ubuntu available
    http://www.ubuntu.com/usn/usn-311-1

    Just my 2 (euro)cents

    Ch.

    Well... John -- 14/07/06

    I thought Open Source OSes were not subject to the flaws Microsoft OSes were vulnerable to, because many eyes made it impossible to get bad code into the public domain, and strict/deep testing, and of course far more secure by build and deployment, with superior administrators.

    What is most scary is the fact it was an internal server, so the hacker must have compromised multiple boxes to get internal.

    Yes, this is very tongue in cheek, but this does amplify what gets said in multiple feedback spaces here on ZDNet when Microsoft talks about security.

    Re: Well ... Renai LeMay -- 20/07/06 (in reply to #120137986)

    Hi John,

    as Asa says above, no operating system is perfect :)

    All of the proprietary and open source operating systems have security flaws from time to time.

    All we can do is highlight them as soon as possible so that they get fixed quickly.

    Having a good admin to patch production boxes frequently is the most important thing, in my opinion.

    Cheers,

    Renai
    News Journalist
    ZDNet Australia

    "admitted" ??? Anonymous -- 14/07/06

    No Renai, James INFORMED the Debian community (there is a difference, you know).

    The intrusion happened the day before by using a developer account with a weak password. The attacker used a kernel vulnerability that can be found in a few kernels before 2.6.17.4. The machine was hacked at 02:43 UTC and taken down at 04:30 UTC by Debian admins. A couple of other Debian servers have been locked down for investigation, but it looks like the attacker didn't have time for further damage. No archive has been compromised (and this is important). And boy, isn't it refreshing to see this much openness!

    So, in short, a classic hack: weak passwords and an elevation to root privilege by kernel vulnerability. So, as always: keep those machines upgraded.

    Jaap
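
As an added illustration of the triage step Jaap's comment and the CVE-2006-2451 comment point to (example code, not from the article, the commenters or the Debian project), the script below flags inventory hosts whose running kernel predates 2.6.17.4; the host names and `uname -r` strings are constructed sample data.

```python
# Added example, not code from the article, its comments or Debian: flag hosts
# whose kernel predates 2.6.17.4, the first release the comment above names as
# fixed. Host names and `uname -r` strings below are constructed sample data.
import re
from typing import List, Tuple

FIXED_KERNEL = "2.6.17.4"

# Constructed inventory of (hostname, `uname -r`). Debian release strings
# carry an ABI/flavour suffix such as "-2-686" after the upstream version.
SAMPLE_INVENTORY = [
    ("build-a", "2.6.16-2-686"),
    ("build-b", "2.6.17.4"),
    ("build-c", "2.6.8-3-386"),
    ("build-d", "2.6.17-5-amd64"),
    ("build-e", "2.6.18-4-686"),
]


def parse_kernel_version(release: str) -> Tuple[int, ...]:
    """Turn a `uname -r` string into a comparable 4-tuple of integers.

    Only the leading dotted upstream version is used; the Debian ABI and
    flavour suffix is ignored. Missing trailing components count as zero,
    so "2.6.17" compares as older than "2.6.17.4".
    """
    m = re.match(r"(\d+(?:\.\d+)*)", release)
    if not m:
        raise ValueError(f"unparseable kernel release: {release!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))[:4]


def is_vulnerable_kernel(release: str, fixed: str = FIXED_KERNEL) -> bool:
    """True when the running kernel predates the fixed release.

    Integer tuples avoid the string-compare trap where "2.6.8" > "2.6.17.4".
    """
    return parse_kernel_version(release) < parse_kernel_version(fixed)


def hosts_needing_upgrade(inventory: List[Tuple[str, str]]) -> List[str]:
    """Hosts in the inventory whose kernel predates the fix, for triage."""
    return [host for host, rel in inventory if is_vulnerable_kernel(rel)]


if __name__ == "__main__":
    for host in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: kernel predates {FIXED_KERNEL}, schedule upgrade")
```

Distribution kernels often carry backported fixes without a bumped upstream version, so treat the output as a triage list to check against the vendor's advisory, not a verdict.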

    Excellent reply TNK -- 15/07/06 (in reply to #120138031)

    There is a HUGE difference in what Debian did and what Microsoft/MS shops do when they get hacked.

    I'd imagine this was a wakeup call for their developers to re-think their password policies, but I am curious if their current password policies were configured too lax. Any insight?

    Re: Excellent reply Renai LeMay -- 20/07/06 (in reply to #120138064)

    I'm not exactly sure what Microsoft would have done in this case - I'd have to ask them.

    But I did e-mail both James Troup and Debian project leader Anthony Towns asking for comment on this issue, and got no response.

    If this happened to MS, I would have contacted them the same way - no special treatment :)

    Kind regards,

    Renai LeMay
    (the author)
    News Journalist
    ZDNet Australia

    Admitted Renai LeMay -- 20/07/06 (in reply to #120138031)

    hi Jaap,

    thanks for your feedback on this article! I used the word "admitted", because it is obviously embarrassing for Debian to be caught with its pants down like this.

    Debian, like any other operating system (MS, Linux, BSD, Solaris, AIX etc) has its flaws from time to time.

    I would have used the same word if any other vendor had been compromised.

    Having said that, I would say it's quite admirable that Debian informed its developer community so quickly of the breach.

    Kind regards,

    Renai LeMay
    News Journalist
    ZDNet Australia
