A mailing list post alerted users to the compromise, which affected a number of services available to developers. A follow-up message on debian.org indicated that the compromised server had already been restored, and that a local root vulnerability in the Linux kernel had been exploited from a compromised developer account. The local exploit, BID 18874 (CVE-2006-2451), allows a local user to cause a denial of service (DoS) or escalate privileges to root.
The report indicated that even with root access, the attacker was not able to reach the restricted Debian servers that hold the project's regular and security archives. In response to the server compromise, a password audit performed by the Debian team has apparently revealed a number of developer accounts with weak passwords (and without public key authentication), which have since been locked.
Debian is one of the most popular distributions of the free GNU/Linux operating system, with a team of over a thousand volunteers and developers. The distribution's latest release, version 3.1, is not affected by the exploit.
Posted by: Kelly Martin