Gentoo Linux Server Compromised

Gentoo Linux said today that a server it uses to distribute its software was compromised by attackers on Tuesday. Gentoo's security team said the intrusion was detected within an hour, and it was "reasonably confident" that no distribution files were altered.

The Gentoo event comes just two weeks after a server compromise at The Debian Project was traced to an exploit in the Linux kernel that allowed local users running userland software to escalate their privileges to root.

Gentoo said the method used to gain access to its server is still under investigation, but promised to release details once they are available. "At this point, we are still performing forensic analysis," Gentoo's Kurt Lieber told users in an email. "However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened ... The attacker appears to have installed a rootkit and modified/deleted some files to cover their tracks, but left the server otherwise untouched."

On Nov. 21 the Debian project said four of its servers had been compromised. After verifying its archives, project managers expressed confidence that no code had been altered.

Back in August, an FTP server used by the Free Software Foundation to distribute open source code was found to have been compromised for at least four months. The incident also involved a local user, who cracked the box using a ptrace exploit immediately after the exploit was posted.
