来源:http://www.securityfocus.com/brief/253
最近,Debian的一台核心服务器被本地用户攻陷,Debian相关负责项目小组目前已经快速的作出了反应,目前已经恢复正常。
在maillist上有详细的说明,好像最先是一个开发用户账户被攻陷,然后利用内核的本地权限提升的漏洞,达到了目的。
详情如下文:
A core server of the popular Debian GNU/Linux distribution was compromised recently, prompting swift response from the developer team.
A mailing list post alerted users about the compromise, which affected a number of services available to developers. A followup message on debian.org indicated the compromised server has already been restored, and that a local root vulnerability in the Linux kernel was used from a compromised developer's account. The local exploit, BID 18874 (CVE-2006-2451) allows a local user to cause a DoS (denial of service) and gain privilege escalation to root.
The report indicated that even with root access, the attacker was not able to reach restricted Debian servers containing its regular and security archives. In response to the server compromise, a password audit performed by the Debian team has apparently revealed various developer accounts with weak passwords (without public key authentication) that have since been locked.
Debian is one of the most popular distributions of the free GNU/Linux operating system, with a team of over a thousand volunteers and developers. The distribution's latest release, version 3.1, is not affected by the exploit.
