securitybreach Posted September 1, 2011 Share Posted September 1, 2011 There is a note posted on the main kernel.org page, that kernel.org has been compromised earlier this month: 'Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure.' The note goes on to say that it is unlikely to have affected the source code repositories, due to the nature of git....."While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure.' The note goes on to say that it is unlikely to have affected the source code repositories, due to the nature of git. http://linux.slashdot.org/story/11/08/31/2...org-Compromisedhttp://www.thehackernews.com/2011/09/kerne...-448-users.html What happened?Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they managed to exploit that to root access is currently unknown and is being investigated.Files belonging to ssh (openssh, openssh-server and openssh-clients) were modified and running live.A trojan startup file was added to the system start up scriptsUser interactions were logged, as well as some exploit code. We have retained this for now.Trojan initially discovered due to the Xnest /dev/mem error message w/o Xnest installed; have been seen on other systems. It is unclear if systems that exhibit this message are susceptible, compromised or not. If developers see this, and you don't have Xnest installed, please investigate.It *appears* that 3.1-rc2 might have blocked the exploit injector, we don't know if this is intentional or a side affect of another bugfix or change.What Has Been Done so far:We have currently taken boxes off line to do a backup and are in the process of doing complete reinstalls.We have notified authorities in the United States and in Europe to assist with the investigationWe will be doing a full reinstall on all boxes on kernel.orgWe are in the process of doing an analysis on the code within git, and the tarballs to confirm that nothing has been modified https://www.kernel.org/ Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted September 1, 2011 Share Posted September 1, 2011 Hmm... Microsoft operatives, I'd bet. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 1, 2011 Author Share Posted September 1, 2011 Hmm... Microsoft operatives, I'd bet. Or Cupertino(Apple) Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted September 1, 2011 Share Posted September 1, 2011 Yeah, could be them, or the really bad guys too. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 1, 2011 Author Share Posted September 1, 2011 Yeah, could be them, or the really bad guys too. RIght!! Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 1, 2011 Author Share Posted September 1, 2011 Very true Temmu Quote Link to comment Share on other sites More sharing options...
sunrat Posted September 1, 2011 Share Posted September 1, 2011 Yeah, could be them, or the really bad guys too. Reminds me of an old saying - "The more money you have, the more damage you can do". Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.