[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian servers "hacked"?

	Sorry,
	wrong copy/paste....

	http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt
	is the right

	>>>> [Note: The original announcement didn't have a GnuPG
	>>>> signature.]

On (21/11/03 14:15), Jan Wagner wrote:
> On Friday 21 November 2003 13:58, Bueno wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > - ------------------------------------------------------------------------
> > The Debian Project                                http://www.debian.org/
> > Some Debian Project machines compromised                press@debian.org
> > November 21st, 2003
> > - ------------------------------------------------------------------------
> > 
> > Some Debian Project machines have been compromised
> > 
> > This is a very unfortunate incident to report about.  Some Debian
> > servers were found to have been compromised in the last 24 hours.
> > 
> > The archive is not affected by this compromise!
> > 
> > In particular the following machines have been affected:
> > 
> >   . master (Bug Tracking System)
> >     . murphy (mailing lists)
> >       . gluck (web, cvs)
> >         . klecker (security, non-us, web search, www-master)
> > 
> > 	Some of these services are currently not available as the
> > 	machines
> > 	undergo close inspection.  Some services have been moved to
> > 	other
> > 	machines (www.debian.org for example).
> > 
> > 	The security archive will be verified from trusted sources
> > 	before it
> > 	will become available again.
> > 
> > 	Please note that we have recently prepared a new point release
> > 	for
> > 	Debian GNU/Linux 3.0 (woody), release 3.0r2.  While it has not
> > 	been
> > 	announced yet, it has been pushed to our mirrors already.  The
> > 	announcement was scheduled for this morning but had to be
> > 	postponed.
> > 	This update has now been checked and it is not affected by the
> > 	compromise.
> > 
> > 	We apologise for the disruptions of some services over the next
> > 	few
> > 	days.  We are working on restoring the services and verifying
> > 	the
> > 	content of our archives.
> > 
> > 
> > 	Contact Information
> > 	- -------------------
> > 
> > 	For further information, please visit the Debian web pages at
> > 	<http://www.debian.org/> or send mail to <press@debian.org>.
> > 	-----BEGIN PGP SIGNATURE-----
> > 	Version: GnuPG v1.2.3 (GNU/Linux)
> > 
> > 	iD8DBQE/vfsJW5ql+IAeqTIRApjYAJ4v6QK07nyNNyBCvsosorej3cwMHACfZcLt
> > 	PwFJYJu8w1rU64Z82ddF6LY=
> > 	=If2b
> > 	-----END PGP SIGNATURE-----
> > 
> > 
> > 
> > On (21/11/03 13:13), Jan Wagner wrote:
> >
> > > On Friday 21 November 2003 12:38, Thomas Sjögren wrote:
> > >
> > > > Anyone to shed some light over this?
> > > >
> > > > "Someone has cracked all the servers of the Debian Project. There has
> > > > been a severe security mishap and guys should uninstall all stuff
> > > > downloaded and installed in the past 2 days. Please do not apt-get
> > > > anything right now! Please wait till an `official' release happens!"
> > > > http://article.gmane.org/gmane.linux.debian.user/117910
> > > >
> > > > Server security mishap - you think?!
> > >
> > > 
> > > http://luonnotar.infodrom.org/~joey/debian-announce.txt
> 
> Seems you didn´t read this.
> 
> Regard, Jan.

-- 
Bueno, Felippe
<bueno@hal.vu>
http://www.hal.vu
Reply to: