Server compromise delays GNOME 2.6
Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section. | ||||
"While we have determined that none of our released sources were affected, we are showing due caution by giving the (system administrator) team plenty of time to finish their investigation and restore critical services," he stated. "Apologies for the delay, especially for all our friends around the world who have organized GNOME 2.6 release parties!"
GNOME 2.6 brings incremental improvements to the graphical user interface, through which many Linux desktop users see the open-source operating system. For example, Nautilus, the file browser, is faster and more extensible, the GNOME project maintains. Various flavors of Linux, including Red Hat, Novell's SuSE and Mandrake, use the GNOME desktop system. Each can also be configured to use the major alternative, KDE, or several others.
The breach, while apparently minor, is the latest attack on open-source development servers in the last year.
In November, the servers for two Linux projects--Debian and Gentoo--were compromised. Earlier the same month, an attacker managed to gain access to a server that mirrored the latest version of the code for the Linux kernel. And in March and December, separate attacks on servers hosting software under development by the GNU Project, the source of much of the free software used by Linux, successfully breached those systems.
On Tuesday, the GNOME Web site had been shut down by the system administrator team. And although the site and several other services, such as file-downloading capabilities, were again available Wednesday, the site is currently down.
"Clumsy" intruder
"No additional damage has been discovered," Owen Taylor, a member of the GNOME system administration team, stated in an e-mail to the project mailing list. "At the current time, we are cautiously hopeful that the compromise was limited in scope."
="" width="1" height="10" border="0"> | ||||
="" width="1" height="8" border="0"> Get Up to Speed on... Open source Get the latest headlines and company-specific news in our expanded GUTS section. | ||||
="" width="1" height="10" border="0"> |
"The time between the intrusion...and discovery (was) probably less than two hours," McKenzie said. "It appears that the intruder was very clumsy."
Upon investigation, the system administration team found a collection of intrusion tools, commonly referred to as a "root kit," in a folder reserved for temporary storage. At least one programmer believed that the server had been compromised through a vulnerability in a data synchronization program called Rsync. The same flaw had been used to compromise a file server the Gentoo Linux Project used last December.
"The potentially serious problem is if Widget (the bug-database server) has been used to interfere with the GNOME 2.6 release," McKenzie said.
McKenzie stressed that the GNOME Project is being careful that no illicit changes have been made. "It looks like (the intruders) were doing some sort of DOS (denial of service) attack from Widget rather than trying to disrupt the GNOME Project," he said. "We still have to check, though."