compromise of gluck.debian.org, lock down of other debian.org machines

To: debian-devel-announce@lists.debian.org

Subject: compromise of gluck.debian.org, lock down of other debian.org machines

From: James Troup <james@nocrew.org>

Date: Wed, 12 Jul 2006 18:47:24 +0100

Message-id: <[🔎] 874pxmemvn.fsf@pasta.gloaming.local>

Mail-followup-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Early this morning we discovered that someone had managed to compromise gluck.debian.org. We've taken the machine offline and are preparing to reinstall it. This means the following debian.org services are currently offline: cvs, ddtp, lintian, people, popcon, planet, ports, release Based on the results of our initial investigation we've locked down most other debian.org machines, limiting access to DSA only, until they can be fixed for what we suspect is the exploit used to compromise gluck. We're still investigating exactly what happened and the extent of the damage. We'll post more info as soon as we reasonably can. - -- James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/> iQIVAwUBRLU1oNfD8TGrKpH1AQJxXw//SYz8qfJzavCtdq9uLidAXVZcfT8PW0PA d1166XENr3TryTC10ZY5dAWjc1Q7gy1YLMPBgDnjj6LlvD7EMOnathddX5dUuU9x UHOcBBka5BDguZCL/oV4zSNKaq9Ses9dP7n/Cw/kQdqMBKhtcAI0lpYlHt4JijmJ eU+lgMq6/3EgGV8XF5rX1kzl65K4o8slb8ygpc7KlXoKfYxKNp0Tmd/lDOQbsiDx EXHNcN5DWUPsfEKSF65LczH6Y9GFGkcYhO4FJQLOhCXExClYW8WSbVXoXnAnvuuW nLMuhG/pDRJVBdzTaRFRjXUvsmDoUAzf/c6suToqMUhp1cVMBOcEuubqgfeZcn2E 6Z9nT/1L6iHk1G1Dfrqj1IgeU2lA9dZCESsuoGp9qkwiDf3XW4IbAtVija3vHQwn LOqSk9AGJZnumAMewjUvzwrfoEtcTOZGgz6OtN6OkQXrKh0BNIjH/Jndy4CkZHgG OPn6upPt4IpmyEYK6dZY+o3+ZvB/2aOLOV+6VVN98O0bPfLEQmOhEvrrNh+6vP22 evK2noa6iMmq7B0ZTkShdBjxKs7dGoLBk/yidk043M+8P+U4JmOTJSPylL7k3OQ+ Va2YHQ48AqPhTQAOffPW7mD1ZWpj4bEmvqJI1tDADmMN+9oIG94Cb6qhDMU/3t3u +mMB9lsIJBs= =0D08 -----END PGP SIGNATURE-----