
Exploit in Upgrade Chain?

I updated/upgraded both my AMD64 and AMD k6 "Etch" machines between Feb 10-11, 2009 using "Lenny" test. Both picked up a symptom I haven't seen since the lpd exploit of the 1990s. This symptom manifests itself as either a random escalation of the etc directory mode up to 600, or a consistent escalation to mode 600 upon reboot. I don't remember why the lpd exploit did this.

If this is an exploit, it shakes my confidence in Debian online updating. It would indicate that someone in the trust chain is putting the distribution in jeopardy.

Also, the Bastille firewall on the AMD64 began locking down port 80 after about 10 min of operation. Adding 80 to all interfaces didn't help. Only shutting down Bastille cleared the block. I fear this is another indication of the exploit. I threw in some iptables rules for some protection, and they have been allowed to stand... so far.

Has anyone else experienced this misbehavior after an upgrade? Any suggestions, other than a complete disk wipe on both machines? In any case, where would I go for a trusted rebuild, if there truly is a saboteur in the ranks of the Debian maintainers? Maybe it's time to move to Ubuntu :-(
