The open-source Ubuntu project shut down on Saturday five of eight community-run servers that the group sponsors, after attacks were detected emanating from the computers.
The Ubuntu project, which manages the popular Linux distribution, received reports of the attacks on Monday, August 6, and proceeded to take the servers offline. The servers were running an older version of the Ubuntu Linux operating system, making several software packages vulnerable to known flaws.
"Since it was reported that they were actively attacking other machines (and because it's What You Do), the decision was taken to shut the machines down," said Jono Bacon, Ubuntu community manager, said in a post to the mailing list
The Ubuntu project has suffered some security setbacks in the past year, including an update pushed out to many systems that crashed the graphical user interface and a bug in the drivers provided by NVidia that could have allowed a remote compromise. Early last year, a researcher discovered that the open-source Linux distribution's installer also stored passwords in cleartext. All the issues were quickly fixed by the Ubuntu project and Canonical, the company that started the Linux distribution.
While the servers are sponsored by Canonical, the computers are administered by community members, the company said in its weekly newsletter.
A nod to ZDNet's Zero Day blog.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos