December 5, 2003

Debian's Response

Things got pretty exciting in the Linux world recently, when the Debian Linux distribution announced that a cracker had broken in to four
machines, escalated privileges to root, and installed rootkits on several of the servers.

The method? The cracker used keylogging software to sniff the password of a user authorized to log in to one of the servers on Wednesday, 19 November
2003, then logged in and took advantage of a vulnerability in the Linux kernel to escalate to root. After that, it was a short time before the other
machines were compromised as well. Further details about the exploit are available in a number of places, including Linux Today and

Let's cut to the question many readers probably have: if you use Linux, should you be worried?

Well, yes and no. The vulnerability used in the privilege escalation affects all versions of the Linux kernel prior to 2.4.23 (or 2.5.69 if you're
running that series of the kernel, or 2.6.0-test6 if you're using the absolute latest and greatest). And that's from all vendors, including Debian,
Red Hat, Mandrake, Slackware, and SUSE. However, in order to exploit the vulnerability, the cracker first must have a local account on the machine,
with shell access. In other words, the bad guys can't just force their way into any old Linux box, unless they first can login as a user onto that



  • Security
Click Here!