Thursday, December 4
Hacked Gentoo Linux server taken offline
Globe and Mail
Hackers have forced the Gentoo Linux project to take a server offline.
The attack and subsequent compromise comes after several machines belonging to the Debian Linux project were breached by attackers last month. A forensic analysis of the Debian machines revealed no software packages or source code offered for download were affected — a claim now being made by Gentoo.
The maintainers of the Gentoo Linux distribution have released a statement which describes the incident: "One of the servers that makes up the rsync.gentoo.org rotation was compromised via a remote exploit," it reads. "The compromised system had both an IDS and a file integrity checker installed and ... we are reasonably confident that the portage tree stored on that box was unaffected."
The Gentoo team claim the breach was detected within approximately one hour.
"During this time, approximately 20 users synchronized against the portage mirror stored on this box. The method used to gain access to the box remotely is still under investigation. We will release more details once we have ascertained the cause of the remote exploit," the statement said.
The machine didn't actually belong to the project. It was donated by a sponsor, whose identity so far undisclosed.
The Debian project servers were compromised by a previously unknown local vulnerability in the Linux kernel which has since been identified and rectified by a patch.