Kernel.org servers are hacked

Apparently an undetermined number of the servers hosting kernel.org have been breached and their security compromised. This reportedly happened in early August, although the site administrators only realized it on the 28th.

What happened?

  • Intruders accessed the Hera server with administrator privileges. Kernel.org administrators suspect that this was possible after some user credentials were compromised; how they were able to take advantage of this to gain admin privileges is not yet known and is being investigated.
  • The files belonging to ssh (openssh, openssh-server and openssh-clients) were modified and were running live.
  • A Trojan was added to the system startup applications (on the kernel.org servers… No, not on your machine! Don't panic!).
  • All user interactions, as well as some of the malicious code, were logged. For now, the administrators have retained this information.
  • The Trojan, originally discovered because of an Xnest /dev/mem error message appearing without Xnest installed, has been seen on other systems as well. It is not yet clear whether the systems displaying this message are compromised or not.
  • The 3.1-rc2 kernel appears to have blocked the malicious code in some way. It is not yet known if this is intentional or a side effect of another change.

What is being done to control the damage?

  • Several servers have been taken offline to make backups and reinstall the system.
  • Authorities in the United States and Europe have been notified to assist in the investigation.
  • The system will be completely reinstalled on ALL kernel.org servers.
  • An analysis of the code uploaded to git, as well as the tarballs, will begin to confirm that nothing was modified.
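
As an added example (not part of the original post or of kernel.org's own tooling): since the modified files belonged to the openssh, openssh-server and openssh-clients packages, a first-pass check on an RPM-based system is `rpm -V`, and this Python code triages its output. The RPM assumption, the `triage` function and the sample output are constructed for illustration.

```python
import re

# Constructed sample of `rpm -V openssh openssh-server openssh-clients` output.
# It is illustrative only and is not data from the kernel.org incident.
SAMPLE_RPM_V = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/sbin/sshd
.......T.    /usr/bin/scp
SM5....T.    /usr/bin/ssh
missing      /usr/bin/ssh-keygen
.M.......  d /usr/share/man/man1/ssh.1.gz
"""

# 8 or 9 verify flags (SM5DLUGT, plus P on newer rpm), an optional
# file-type marker (c = config, d = doc, ...), then the absolute path.
CHANGED = re.compile(r"^(?P<flags>[A-Za-z0-9.?]{8,9})\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$")
MISSING = re.compile(r"^missing\s+(?:[cdglr]\s+)?(?P<path>/.*)$")


def triage(rpm_v_output):
    """Return (severity, path, reason) for every line that needs attention."""
    findings = []
    for line in rpm_v_output.splitlines():
        line = line.rstrip()
        if not line:
            continue
        gone = MISSING.match(line)
        if gone:
            findings.append(("high", gone["path"], "file missing"))
            continue
        m = CHANGED.match(line)
        if not m:
            findings.append(("review", line, "unparsed line"))
        elif "5" in m["flags"]:  # content digest differs from the package's
            if m["kind"] == "c":
                findings.append(("review", m["path"], "config content changed"))
            else:
                findings.append(("high", m["path"], "packaged file content changed"))
        elif set("MUG") & set(m["flags"]):
            findings.append(("review", m["path"], "mode, owner or group changed"))
        # Any other difference (for example mtime only) is not reported.
    return findings


if __name__ == "__main__":
    for severity, path, reason in triage(SAMPLE_RPM_V):
        print(f"{severity:6} {path}  ({reason})")
```

A clean result from a host where an intruder held administrator privileges proves little, since the rpm binary and its database may themselves have been altered; run the check from trusted media, which is also why a full reinstall appears in the list above.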

Sleep peacefully my friends

Jonathan Corbet, from the Linux Foundation, has written a note about the incident which, although serious, should not cause panic or mass hysteria, since they have the necessary tools to return to normal and locate any unauthorized modification:

The episode is disturbing and embarrassing. But I can say that there is no need to worry about the integrity of the kernel source code or any other software hosted on kernel.org systems.

Therefore, we should stay calm because, now that the intrusion has been detected, everything will return to normal. Of course, nobody can undo the scare, and it has been a blow to those in charge of the project, who will probably spend time improving the security of their systems.

Source: Kernel.org & Alt1040




  2.   Let's use Linux said

    The truth is that neither do I... I don't want to be a conspiracy theorist, but isn't it an outpost of large companies to unseat Linux?
    Hug! Paul.