Gentoo Linux server compromised

Hackers have forced the Gentoo Linux project to take a server offline
Written by Patrick Gray, Contributor
A Gentoo Linux project server has been compromised by attackers and subsequently pulled offline for a full forensic analysis.

The attack and subsequent compromise comes after several machines belonging to the Debian Linux project were breached by attackers last month. A forensic analysis of the Debian machines revealed no software packages or source code offered for download were affected -- a claim now being made by Gentoo.

The maintainers of the Gentoo Linux distribution have released a statement which describes the incident. "One of the servers that makes up the rsync.gentoo.org rotation was compromised via a remote exploit," it reads. "The compromised system had both an IDS and a file integrity checker installed and… we are reasonably confident that the portage tree stored on that box was unaffected."

The Gentoo team claim the breach was detected within approximately one hour.

"During this time, approximately 20 users synchronised against the portage mirror stored on this box. The method used to gain access to the box remotely is still under investigation. We will release more details once we have ascertained the cause of the remote exploit," it read.

The machine didn't actually belong to the project. It was donated by a sponsor, whose identity is at this stage undisclosed.

The Debian project servers were compromised by a previously unknown local vulnerability in the Linux kernel which has since been identified and rectified by a patch.

Editorial standards