----- Forwarded message from The AGNULA project <info@xxxxxxxxxx> ----- Subject: [Discussioni] Main AGNULA Host attacked (and potentially compromised) From: The AGNULA project <info@xxxxxxxxxx> Reply-To: "Discussioni sul software libero." <discussioni@xxxxxxxxxxxxxxxxx> Date: Tue, 19 Apr 2005 18:45:46 +0200 To: announce@xxxxxxxxxxxxxxxx User-Agent: T-gnus/6.15.7 (based on Oort Gnus v0.08) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 MULE XEmacs/21.4 (patch 17) (Jumbo Shrimp) (i386-debian-linux) +-----------------------------------------------------------------+ | ______ ______ _ _ _ | | /\ / _____) ___ \| | | | | /\ | | / \ | / ___| | | | | | | | / \ | | / /\ \| | (___) | | | | | | | / /\ \ | | | |__| | \____/| | | | |___| | |_____| |__| | | | |______|\_____/|_| |_|\______|_______)______| | | | +-----------------------------------------------------------------+ [Sorry for cross-posting. Feel free to forward around] Florence, 19 April 2005 +++ Main AGNULA Host attacked (and potentially compromised) On Sunday, April 16 2005, the main AGNULA host (agnula.speech.kth.se, hosting lists.agnula.org, www.agnula.org, download.agnula.org, devel.agnula.org, muzik.agnula.org and related services) was subject to an attack (see below). The attacker(s) (whose identity is unknown as of today) managed to download, *but not succesfully run*, a backdoor on the system; thanks to the tight security measures implemented on the host - and after a thorough check of the whole system - we believe that the latter was *not* compromised. However, following good security practices and common sense, we can not guarantee the integrity of the host. Since we had already planned an extensive upgrade of the server, we decided to go down the safer route: completely wipe out the system, reinstall everything from scratch and recover backup data from the day before the attempted compromise. The wipeout/installation/recover operations will begin tomorrow (April 20, 2005) early afternoon (approximately 3:00 p.m., Central European Time). They should be concluded *at most* on Monday (April 25, 2005) - we actually hope to do everything much quicker, but you will understand our main concern in this moment is reliability and not speed. In the meantime, we urge you to use the mirrors at: * http://freesoftware.ircam.fr/mirrors/agnula/ * http://ccrma.stanford.edu/mirrors/agnula/ The mailing lists (including the archives), the main web site, the AGNULA Libre Music web site, the AGNULA Development platform will be unusable until after the reinstallation process is finished. We are quite confident that you can safely download and install the latest released version of A/DeMuDi (1.2.1-rc2) as well as all the previous ones, as the relevant ISO images were uploaded on the server before the attack and we have no tangible proof that they have been tampered with. +++ The attack The attack used a bug in GForge 3.x "scm" subsystem. We decided not to immediately disclose full information on the type of the attack; we promptly informed to the maintainers of the affected program, and we are waiting for the "green light" on their side before posting details in the wild. We urge all administrators of GForge-based systems (all 3.x series seem affected by it) to temporarily disable the "scm" subsystem, until a proper patch has been issued. The discovery and the analysis were conducted by Filippo Morelli <spike@xxxxxxxxxx>. We would like to publically thank him for his prompt action and detailed report, that allowed us to take the necessary steps very quickly. +++ About AGNULA: Agnula (acronym for A GNU/Linux Audio distribution, pronounced with a strong g) is the name of a project funded until April 2004 by the European Commission (number of contract: IST-2001-34879; key action IV.3.3, Free Software: towards the critical mass). After the end of the funded period, AGNULA is continuing its work, aiming to spread Libre Software in the professional audio/video arena. Big thanks to the following institutions for their help in supporting AGNULA: - Firenze Tecnologia <http://www.firenzetecnologia.it> for paying Free Ekanayaka to work full-time on maintaining A/DeMuDi; - Swedish Royal Institute of Technology <http://www.kth.se/> for housing the main AGNULA server - IRCAM <http://www.ircam.fr> and CCRMA <http://ccrma.stanford.edu/> for providing mirror space and bandwidth Best regards, -- The AGNULA Team info@xxxxxxxxxx Our mailing lists: http://lists.agnula.org/ Our web site: http://www.agnula.org/ "There's no free expression without control on the tools you use" _______________________________________________ Discussioni mailing list Discussioni@xxxxxxxxxxxxxxxxx http://lists.softwarelibero.it/mailman/listinfo/discussioni Totale iscritti: maggiore di 350 ----- End forwarded message ----- -- Free Software Enthusiast Debian Powered Linux User #332564 http://shine.homelinux.org