Debian CVS server compromised

Here’s news of a breach that (I presume) involved no PII, but which could be significant.
I wrote about a previous Debian breach back in December 2003. I hadn’t realized it had been so long!
Update: Local vuln used to elevate privs. Local access gained due to weak developer password. Details here.