Debian servers hacked?
Fraser Campbell
fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org
Fri Nov 21 13:00:08 UTC 2003
I hate to fan the flames of rumour but just in case this is true I thought I
should forward. I've seen a link stating that the archives
(binaries/sources) are fine but nothing has come directly to me yet that was
from "official" sources ...
I download all updates automatically every night to my servers but do not
install them. Last night I downloaded 9 packages which seemed unusual.
Looking closer I could see the packages came from the main Debian archive
(not security) which seemed even more unusual.
I checked debian-user to see if there were reports of any funny stuff. So far
this is what I know:
- Debian 3.0r2 was scheduled to be released today, it hit the mirrors last
night and is "out there" though not yet announced, this would explain the
new packages
- Many of the 9 packages are rather typical of ones that get trojaned, they're
also typical of the ones that get security updates mind you:
bsdutils_1%3a2.11n-7_i386.deb
console-data_1999.08.29-24.2_all.deb
procmail_3.22-5_i386.deb
debianutils_1.16.2woody1_i386.deb
procps_1%3a2.0.7-8.woody1_i386.deb
util-linux_2.11n-7_i386.deb
mount_2.11n-7_i386.deb
zlib1g_1%3a1.1.4-1.0woody0_i386.deb
nano_1.0.6-3_i386.deb
- Someone forwarded a link to an announcemet supposedly from debian-announce
http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt
Maybe the packages are trojaned, maybe they aren't ... I ain't installing them
yet ;-) My hope is that someone on Debian user just pulled a well timed joke.
--
Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org> http://www.wehave.net/
Georgetown, Ontario, Canada Debian GNU/Linux
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list