On Wed, Dec 03, 2003 at 02:57:11AM +0100, Bernd Eckenfels wrote:
> On Wed, Dec 03, 2003 at 10:54:24AM +1000, Andrew Pollock wrote:
> > The only way to have avoided this kernel vulnerability from day-0 of
> > discovery/fix release would have been to be constantly upgrading to
> > pre-release kernels.
>
> Yes but also the debian servers would not have been vulnerable if they had
> used 2.4.23. At least not at that point in time.

Um, what?

Nov 19 17:00 Attacker logs into klecker with sniffed password
Nov 19 17:08 Root-kit installed on klecker
Nov 19 17:20 Attacker logs into master with same sniffed password
Nov 19 17:47 Root-kit installed on master
Nov 19 18:30 Attacker logs into murphy with service account from master
Nov 19 18:35 Root-kit installed on murphy
Nov 19 19:25 Oopses on murphy start
Nov 20 05:38 Oopses on master start
Nov 20 20:00 Discovery of Oopses on master and murphy
Nov 20 20:54 Root-kit installed on gluck
Nov 20 22:00 Confirmation that debian.org was compromised
Nov 21 00:00 Deactivation of all accounts
Nov 21 00:34 Shut down security.debian.org
Nov 21 04:00 Shut down gluck (www, cvs, people, ddtp)
Nov 21 08:30 Point www.debian.org to www.de.debian.org
Nov 21 10:45 Public announcement
Nov 21 16:47 Developer information updated
Nov 21 17:10 Shut down murphy (lists)
Nov 22 02:41 security.debian.org is back online
Nov 25 07:40 lists.debian.org is back online
Nov 28 22:39 Linux 2.4.23 released
             ^^^^^^^^^^^^^^^^^^^^^

-- 
Steve Langasek
postmodern programmer