Gentoo Servers compromised (For Shrekkie)

View Poll Results: How dangerous is OpenSite?

5. You may not vote on this poll
  • Not Dangerous.

    1 20.00%
  • Not Very Dangerous.

    4 80.00%
  • Moderate.

    0 0%
  • Will destroy your PRIVACY!

    0 0%
Multiple Choice Poll.
Results 1 to 4 of 4

Thread: Gentoo Servers compromised (For Shrekkie)

  1. #1
    Senior Member gore's Avatar
    Join Date
    Oct 2002

    Talking Gentoo Servers compromised (For Shrekkie)

    Looks like the Gentoo Linux servers had a lil break in:

    For once the media got the word right!!!!

    Crackers Strike Gentoo Linux Server, Code Unharmed

    In the latest of what is becoming a string of high-profile attacks on Linux , someone broke into one of the servers used to distribute versions of Gentoo Linux on Tuesday.

    Officials at Gentoo Technologies Inc. on Wednesday posted a message in the company's online forums detailing the attack. The executives sought to reassure users and said they don't believe that the code stored on the server was affected by the compromise. The server is owned by a third party, which uses it to perform other tasks in addition to storing the Gentoo code.

    The officials said the box is one of several that are part of a rotation of servers used to synchronize and update users' versions of Gentoo. The company uses a unique technology known as portage, which allows users to download new packages and updates to the operating system by synchronizing their machines against the current build housed on the Gentoo servers. The company removed the compromised server from the rotation.

    The attack on Gentoo follows closely a similar compromise in late November of a server belonging to the Debian Project, which produces another distribution of Linux. And earlier this fall, someone tried to insert a back door into the Linux kernel itself, although that attempt was stopped.

    Gentoo officials said that the compromised server has both an intrusion detection system and a file-integrity checker installed on it.

    "We have a very detailed forensic trail of what happened once the box was breached, so we are reasonably confident that the portage tree stored on that box was unaffected," the company said in its message to users.

    The attacker apparently installed a rootkit on the server and then deleted a few files to cover his tracks.

  2. #2
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    oh dear ...

    First time gentoo gets real cracked , hrmmm i wander what suse's statistics are on this
    I saw it gore, but thnx for posting ...

    Come and check out our wargame-site @
    We chat @ #lobby

  3. #3
    There have been some more compromises (I did not see them here actually)
    On December 1st, 2003, we discovered that the "Savannah" system, which is maintained by the Free Software Foundation and provides CVS and development services to the GNU project and other Free Software projects, was compromised at circa November 2nd, 2003.
    November 21st, 2003
    Some Debian Project machines have been compromised

    This is a very unfortunate incident to report about. Some Debian
    servers were found to have been compromised in the last 24 hours.

    These are the ones (including the gentoo) that have been discovered so far.
    It is likely that it has something to do with the recent kernel bug.
    I suggest linux users to keep an eye on their distro's mailing list

  4. #4
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Actually lot of distros seem to be vulnerable for that rsync buffer overflow .

    Take a look on the left under Linux advisories :
    Come and check out our wargame-site @
    We chat @ #lobby

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts