The Gentoo Project has removed a server hosting several sites and services after the discovery of a potentially serious command injection vulnerability.
"The Infrastructure team verified the vulnerability and the server was immediately taken down to prevent further exploitation and to allow for forensic analysis," Gentoo said in brief note on its Web site.
The server hosted the following sites and services:
The group said the affected server will be rebuilt while the http://packages.gentoo.org service's source undergoes a full security audit prior to being restored. The tree and all other services were unaffected.
The Gentoo site vulnerability comes on the heels of this week's security breach at Ubuntu that forced the removal of 5 of 8 productions servers from the Internet.
The Ubuntu servers were found to be missing security patches, using insecure protocols (FTP without SSL) to access the machines and without upgrades past breezy due to problems with the network cards and later kernels.