Cause of Debian Server Compromise Found

The cause of the recent compromise of four of Debian’s servers has been traced to a then-unknown local root vulnerability in the Linux kernel, which was fixed in the recently released 2.4.23. A lack of bounds checking in the kernel’s do_brk() function allowed a malicious program to gain access to kernel memory and thereby elevate itself to root. When the bug was fixed (back in September), its security implications weren’t known.
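To make the missing bounds check concrete, here is a simplified user-space model of a range check on a requested heap extension. It is an added example, not the kernel's code or the actual patch. The function names, `MODEL_TASK_SIZE` and the 32-bit x86 layout with user space ending at 0xC0000000 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit x86 with a 3 GiB user / 1 GiB kernel split.
 * Addresses are modelled as uint32_t so wraparound behaves as on that target. */
#define MODEL_TASK_SIZE 0xC0000000u

/* Model of the unchecked behaviour: any (addr, len) pair is accepted. */
static int brk_range_unchecked(uint32_t addr, uint32_t len)
{
    (void)addr;
    (void)len;
    return 0;
}

/* Model with bounds checking: the range must stay inside user space. */
static int brk_range_checked(uint32_t addr, uint32_t len)
{
    uint32_t end = addr + len;      /* unsigned arithmetic wraps modulo 2^32 */

    if (end < addr)                 /* wrapped past the top of the address space */
        return -EINVAL;
    if (end > MODEL_TASK_SIZE)      /* would extend into the kernel's region */
        return -EINVAL;
    return 0;
}

int main(void)
{
    /* Constructed sample requests: ordinary, crossing the limit, wrapping. */
    static const uint32_t req[][2] = {
        { 0x08050000u, 0x00001000u },
        { 0xBFFFF000u, 0x00002000u },
        { 0xFFFFF000u, 0x00002000u },
    };

    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("addr=0x%08x len=0x%08x unchecked=%d checked=%d\n",
               (unsigned)req[i][0], (unsigned)req[i][1],
               brk_range_unchecked(req[i][0], req[i][1]),
               brk_range_checked(req[i][0], req[i][1]));
    return 0;
}
```

The wraparound test matters as much as the upper-bound test: a sum that overflows produces a small end address that would pass a comparison against the limit alone.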