Security breach on kernel.org

Status
Not open for further replies.

PenTester

New Member
Thread author
Jul 30, 2011
114
Security Breach occurred on Kernel.org. This is news from their official Website: Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure


What happened?
* Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they managed to exploit that to root access is currently unknown and is being investigated.
* Files belonging to ssh (openssh, openssh-server and openssh-clients) were modified and running live.
* A trojan startup file was added to the system start up scripts
* User interactions were logged, as well as some exploit code. We have retained this for now.
* Trojan initially discovered due to the Xnest /dev/mem error message w/o Xnest installed; have been seen on other systems. It is unclear if systems that exhibit this message are susceptible, compromised or not. If developers see this, and you don't have Xnest installed, please investigate.
* It *appears* that 3.1-rc2 might have blocked the exploit injector, we don't know if this is intentional or a side affect of another bugfix or change.

What Has Been Done so far:


* We have currently taken boxes off line to do a backup and are in the process of doing complete reinstalls.
* We have notified authorities in the United States and in Europe to assist with the investigation
* We will be doing a full reinstall on all boxes on kernel.org
* We are in the process of doing an analysis on the code within git, and the tarballs to confirm that nothing has been modified



For more details: http://kernel.org

Hacking News
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Kernel.org the home of Linux Kernel repositories files. Good and they made an immediate fix since its really a security risk.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top