November 28, 2003

Debian attacker may have used new exploit

An as-yet-unknown security exploit in Linux may have been responsible for a recent compromise of Debian.org's servers, according to a system
administrator with the Debian operating system project.

Initial investigations of the security breach, which occurred on 19 November, indicate that the attacker was able to gain full control of Debian
servers after logging on via unprivileged accounts, known as privilege escalation, according to James Troup, part of the team handling Debian's
distribution.

"I believe that there was an as-yet-unknown local root exploit used to go from having local unprivileged access to having root," Troup wrote in an
email to a Debian mailing list on Friday. "There is [I believe] an unknown local root exploit in the wild."

Link: zdnet.co.uk

Category:

  • Linux
Click Here!