Re: Debian servers "hacked"?
Sorry,
wrong copy/paste....
http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt
is the right
>>>> [Note: The original announcement didn't have a GnuPG
>>>> signature.]
On (21/11/03 14:15), Jan Wagner wrote:
> On Friday 21 November 2003 13:58, Bueno wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > - ------------------------------------------------------------------------
> > The Debian Project http://www.debian.org/
> > Some Debian Project machines compromised press@debian.org
> > November 21st, 2003
> > - ------------------------------------------------------------------------
> >
> > Some Debian Project machines have been compromised
> >
> > This is a very unfortunate incident to report about. Some Debian
> > servers were found to have been compromised in the last 24 hours.
> >
> > The archive is not affected by this compromise!
> >
> > In particular the following machines have been affected:
> >
> > . master (Bug Tracking System)
> > . murphy (mailing lists)
> > . gluck (web, cvs)
> > . klecker (security, non-us, web search, www-master)
> >
> > Some of these services are currently not available as the
> > machines
> > undergo close inspection. Some services have been moved to
> > other
> > machines (www.debian.org for example).
> >
> > The security archive will be verified from trusted sources
> > before it
> > will become available again.
> >
> > Please note that we have recently prepared a new point release
> > for
> > Debian GNU/Linux 3.0 (woody), release 3.0r2. While it has not
> > been
> > announced yet, it has been pushed to our mirrors already. The
> > announcement was scheduled for this morning but had to be
> > postponed.
> > This update has now been checked and it is not affected by the
> > compromise.
> >
> > We apologise for the disruptions of some services over the next
> > few
> > days. We are working on restoring the services and verifying
> > the
> > content of our archives.
> >
> >
> > Contact Information
> > - -------------------
> >
> > For further information, please visit the Debian web pages at
> > <http://www.debian.org/> or send mail to <press@debian.org>.
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.3 (GNU/Linux)
> >
> > iD8DBQE/vfsJW5ql+IAeqTIRApjYAJ4v6QK07nyNNyBCvsosorej3cwMHACfZcLt
> > PwFJYJu8w1rU64Z82ddF6LY=
> > =If2b
> > -----END PGP SIGNATURE-----
> >
> >
> >
> > On (21/11/03 13:13), Jan Wagner wrote:
> >
> > > On Friday 21 November 2003 12:38, Thomas Sjögren wrote:
> > >
> > > > Anyone to shed some light over this?
> > > >
> > > > "Someone has cracked all the servers of the Debian Project. There has
> > > > been a severe security mishap and guys should uninstall all stuff
> > > > downloaded and installed in the past 2 days. Please do not apt-get
> > > > anything right now! Please wait till an `official' release happens!"
> > > > http://article.gmane.org/gmane.linux.debian.user/117910
> > > >
> > > > Server security mishap - you think?!
> > >
> > >
> > > http://luonnotar.infodrom.org/~joey/debian-announce.txt
>
> Seems you didn´t read this.
>
> Regard, Jan.
--
Bueno, Felippe
<bueno@hal.vu>
http://www.hal.vu
Reply to: