[Gllug] Debian servers compromised
Simon A. Boggis
simon at dcs.qmul.ac.uk
Wed Dec 3 01:58:17 UTC 2003

On Tue, 2003-11-25 at 22:37, Nix wrote:
> On Sun, 23 Nov 2003, Chris Bell spake:
> > There were some updated packages listed as -proposed-updates on some
> > mirrors which I am unable to access at present. It looks like there is a
> > lot of serious checking going on.
>
> See <http://www.wiggy.net/debian/status/>

For those that haven't seen this (and are interested in this sort of
stuff):

"Debian Investigation Report after Server Compromises"
http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html

More importantly for everyone else, most "vendors"/distros have released
patched kernels since the weekend in the light of the above - the two I
deal with routinely both did so yesterday:

Debian:
http://lists.netsys.com/pipermail/full-disclosure/2003-December/014366.html
(don't think the Debian mailing lists have this visible in them yet,
due to list-server machines taken down).

RedHat: https://rhn.redhat.com/errata/RHSA-2003-392.html

If you run a shared login box (or one where someone you don't trust
might get local access) you should patch your kernel or update to a
vendor-patched one ASAP.

Simon
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug