Server compromise delays GNOME 2.6

By Robert Lemos
Posted on ZDNet News: Mar 24, 2004 10:10:00 PM

Citing evidence that intruders gained access to its Web server, the GNOME Project said on Wednesday that it has launched a cleanup effort that will delay the next version of the open-source desktop by a week.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

As CNET News.com reported, system administrators for the GNOME (GNU Network Object Model Environment) Project found evidence on Tuesday that indicated that the project's Web server had been compromised. As a result of the breach, the team responsible for releasing GNOME 2.6 has decided to delay the update until March 31, Jeff Waugh, a project member, stated in a Wednesday announcement to developers.

"While we have determined that none of our released sources were affected, we are showing due caution by giving the (system administrator) team plenty of time to finish their investigation and restore critical services," he stated. "Apologies for the delay, especially for all our friends around the world who have organized GNOME 2.6 release parties!"

GNOME 2.6 brings incremental improvements to the graphical user interface, through which many Linux desktop users see the open-source operating system. For example, Nautilus, the file browser, is faster and more extensible, the GNOME project maintains. Various flavors of Linux, including Red Hat, Novell's SuSE and Mandrake, use the GNOME desktop system. Each can also be configured to use the major alternative, KDE, or several others.

The breach, while apparently minor, is the latest attack on open-source development servers in the last year.

In November, the servers for two Linux projects--Debian and Gentoo--were compromised. Earlier the same month, an attacker managed to gain access to a server that mirrored the latest version of the code for the Linux kernel. And in March and December, separate attacks on servers hosting software under development by the GNU Project, the source of much of the free software used by Linux, successfully breached those systems.

On Tuesday, the GNOME Web site had been shut down by the system administrator team. And although the site and several other services, such as file-downloading capabilities, were again available Wednesday, the site is currently down.

"Clumsy" intruder
"No additional damage has been discovered," Owen Taylor, a member of the GNOME system administration team, stated in an e-mail to the project mailing list. "At the current time, we are cautiously hopeful that the compromise was limited in scope."



		Get Up to Speed on... Open source Get the latest headlines and company-specific news in our expanded GUTS section.

GNOME Project members first noticed the attack at 1 a.m. PST on March 23, when a bug database server, known as Widget, started to act strangely, said Callum McKenzie, a GNOME developer who investigated part of the attack. Programmers originally thought that the strange behavior was due to an update to the bug database software but soon noticed that several strange programs seemed to be running on the system.

"The time between the intrusion...and discovery (was) probably less than two hours," McKenzie said. "It appears that the intruder was very clumsy."

Upon investigation, the system administration team found a collection of intrusion tools, commonly referred to as a "root kit," in a folder reserved for temporary storage. At least one programmer believed that the server had been compromised through a vulnerability in a data synchronization program called Rsync. The same flaw had been used to compromise a file server the Gentoo Linux Project used last December.

"The potentially serious problem is if Widget (the bug-database server) has been used to interfere with the GNOME 2.6 release," McKenzie said.

McKenzie stressed that the GNOME Project is being careful that no illicit changes have been made. "It looks like (the intruders) were doing some sort of DOS (denial of service) attack from Widget rather than trying to disrupt the GNOME Project," he said. "We still have to check, though."

SponsoredWhite Papers, Webcasts, and Downloads

Talkback
Most Recent of 33 Talkback(s)

Thread View
Flat View

did i say that?: all my point was that atleast the admin managed to find the hack and admited they screwed up, which at the least inspires a bit more trust than a bunch of admins who didn't notice a hack and refused t... (Read the rest); Posted by: ryusen Posted on: 03/29/04 You are currently: Logged In as: a Guest | Login | Terms of Use

CANT BE!!!! Valis Keogh | 03/24/04

Ummm slight differece here! MkIIISupra | 03/24/04

Linux Idiot # 147560 toadlife | 03/24/04

re: Linux idiot.. Iain_Peters | 03/25/04

The problem with that is... toadlife | 03/25/04

Are you saying... doe_z | 03/25/04

Depends on the user toadlife | 03/25/04

You are a simple man aren't you!? MkIIISupra | 03/25/04

The Elitists Strike Again nikoli | 03/25/04

Gee don't get your ******* in a bind. toadlife | 03/25/04

and to think Monkey_MCSE | 03/24/04

Can't be??? bchesmer | 03/24/04

I suspect PA-ITGuy | 03/25/04

Vulnerability from 2 years ago? SpideyWriter | 03/24/04

it sounds like... ryusen | 03/24/04

Oh, that makes it ok then. No_Ax_to_Grind | 03/24/04

Is it then OK??? bchesmer | 03/24/04

did i say that? ryusen | 03/29/04

... sounds like an cheap excuse AxleMunshine | 03/25/04

Server compromise delays GNOME 2.6 Loverock Davidson | 03/24/04

one of the bsd's... bchesmer | 03/24/04

re: one of the Iain_Peters | 03/25/04

Rip off or no rip off... toadlife | 03/25/04

I couldn't say linux was to blame Monkey_MCSE | 03/25/04

double standard tooner440 | 03/25/04

maybe, but who knows Monkey_MCSE | 03/25/04

Read prior posts OhMyGosh | 03/25/04

Embarassing and shameful AxleMunshine | 03/25/04

Linux is LESS secure than windows ha ha I'm a idiot | 03/25/04

Delays in open source to be expected, full of holes .1 | 03/25/04

More bad news for linux Anti Globalist | 03/25/04

Servers were running LINUX {hacked} again Buy American | 03/25/04

Gnome is 100% junk anyways .1 | 03/26/04

What do you think?

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SponsoredWhite Papers, Webcasts, and Downloads

Visit the ZDNet Enterprise Mobility Hub sponsored by Verizon Wireless! It has the latest news, commentary, and resources for your mobile and wireless strategy development.
Video: How to spoof a MAC address
Five steps to protect mobile devices anywhere, anytime
Fetch Your E-Mail from Anywhere
From our sponsors
Push to Talk from Verizon Wireless Choose Verizon Wireless and get a Push to Talk service you can rely on. The only service that comes with the Network. Starting at $699.