Rootkit installed in several Debian infrastructure servers
A sniffed password was used to log in to a Debian server; privileges were then escalated and a rootkit was installed on at least four different Debian machines.
Impact
- Debian development slowed down as LDAP/SSH were disabled and secrets rotated
- External checksum lists were used to verify that packages weren’t affected
Type of compromise
Publishing Infrastructure