[Linux-bruxelles] rootkit en liberté

[Pedro Mullor]

attention debianistes : (sorry, c'est en anglais)

"James Troup (part of the Debian System administration team) has
published more information on the recent compromise of four debian.org
machines. The attack vector seemed to be a sniffed password of an
unprivileged account, from which the attacker somehow managed to gain
root and install the suckit rootkit and crack the other machines. As the
machines were fairly uptodate with respect to security, an as-of-yet
unknown local root exploit might be in the wild, so keep an eye on your
boxen.Note that the main ftp archive running on a sparc machine was not
compromised, so the exploit might not yet be ported to non-i386
architectures."

http://slashdot.org/articles/03/11/28/050232.shtml?tid=126&tid=172&tid=185&tid=90


et, sur les DWN :

Debian Servers compromised. The Debian project had to [4]report that
four servers were [5]compromised by an unknown attacker. The admin
team, with site admins and service admins are busy checking and
resurrecting machines and services. As a first [6]reaction all
accounts have been locked as a safety precaution. If the same password
was used for Debian machines and others, you are strongly advised to
change it as soon as possible.

 4. http://www.debian.org/News/2003/20031121
 5. http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt
 6. http://lists.infodrom.org/misc/2003/0013.html


Pour ceux qui ont du mal avec l'anglais, juste leur rappeler la
necessité de changer les mots de passe de temps en temps....

cheers,

Pedro


### Today's excuse is: Techtonic stress