The debian-private mailing list leak, part 1.


possible compromise of master.debian.org?



CERT sent this to Novare. I'm not at all clear that this indicates an exploit,
but I don't understand what /var/spool/bwnfs does, or why that directory is
exported as writable by "master".

	Thanks

	Bruce

Message-Id: <199710141606.MAA17151@oakmont.cert.org>
From: "CERT(R) Coordination Center" <cert@cert.org>
Reply-To: "CERT(R) Coordination Center" <cert@cert.org>
Date: Tue, 14 Oct 97 12:02:35 EDT
To: ean@novare.net, marshall_weinreb@novare.net
Cc: "CERT(R) Coordination Center" <cert@cert.org>
Subject: CERT#8070 DFN-CERT#31556 root compromise
X-UIDL: 25d91469eceefff13444ea8b7e870689
X-Filter: mailagent [version 3.0 PL56] for ean@sarge.novare.net

-----BEGIN PGP SIGNED MESSAGE-----

Hello Ean and Marshall,

I am a member of the technical staff at the CERT Coordination Center.
The CERT/CC provides technical assistance to Internet sites in
response to computer security incidents.  We recently received an
email message from the German Incident Response Team (DFN-CERT)
regarding activity on a compromised host in Germany.

(DFN-CERT and the CERT Coordination Center are participating members in
FIRST, the Forum of Incident Response and Security Teams.  More
information about FIRST is available at http://www.first.org/)

This mail read in part:

>The following commands were found in the shell history:
>	
>| mount debian.novare.net:/var/spool/bwnfs /mnt

Since this involvement may indicate that your host has been
compromised, we encourage you to check your systems for signs of
compromise using our Intruder Detection Checklist, available at:

  ftp://info.cert.org/pub/tech_tips/intruder_detection_checklist

This document will help you methodically check your systems for signs
of compromise and offers pointers to other resources and suggestions
on how to proceed in the event of a compromise. 

In order to better help us understand this incident, we would
appreciate being included in the "Cc:" line of any email messages you
may send to the sites you find to be involved in this incident.

We have assigned an internal reference number (CERT#8070) to this
report and it is included in the subject line of this e-mail message.
This unique, random number will help us track correspondence and
coordinate our activities. We would appreciate your including it in
the subject line of future correspondence about this report.

We'll continue to review any additional correspondence, and would
welcome any further information related to this incident.  If, however,
we do not hear of any new information, we do not plan to follow up
with you any further about this activity, and we will close this
incident in our files.

If you have any questions or comments, or if there is anything we can
do to help, please let us know.

Cory
- -- 
======================================================================
Cory Forrest Cohen        cert@cert.org       CERT Coordination Center
Hotline: +1-412-268-7090                Software Engineering Institute
Fax: +1-412-268-6989                        Carnegie Mellon University
======================================================================


-- 
Can you get your operating system fixed when you need it?
Linux - the supportable operating system. http://www.debian.org/support.html
Bruce Perens K6BP   bruce@debian.org   NEW PHONE NUMBER: 510-620-3502

