Linux Viruses and Such
Malware Timeline (concluded)
Nov. 2003: Compromise of four Debian Project servers, a server participating in the Gentoo Project's rsync.gentoo.org cluster (but neither project's packages), and FSF's Savannah server, using stolen login credentials plus escalation to root using a recently discovered (Sept. 2004) bug in the v. 2.4.22 kernel's brk() system call: Andrew Morton had patched the bug without realising its security implications.
Both the Debian and Gentoo compromises were detected within hours because of (1) file-integrity checkers, and (2) alert sysadmins noting a suspicious pattern of kernel “oopses”.