ZDNet UK: Debian Attacker May Have Used New Exploit
Dec 01, 2003, 10:00 (1 Talkback[s])
(Other stories by Matthew Broersma)
"An as-yet-unknown security exploit in Linux may have been
responsible for a recent compromise of Debian.org's servers,
according to a system administrator with the Debian operating
"Initial investigations of the security breach, which occurred
on 19 November, indicate that the attacker was able to gain full
control of Debian servers after logging on via unprivileged
accounts, known as privilege escalation, according to James Troup,
part of the team handling Debian's distribution.
"'I believe that there was an as-yet-unknown local root exploit
used to go from having local unprivileged access to having root,'
Troup wrote in an email to a Debian mailing list on Friday. 'There
is [I believe] an unknown local root exploit in the wild...'"