A member of the Debian GNU/Linux system administration team believes there is an unknown local root exploit for the Linux kernel circulating in the wild and says it may have been used to compromise four servers belonging to the free software project, after initial unprivileged access was gained by using a sniffed password. Debian is a free operating system which uses the Linux kernel; most of the basic OS tools come from the GNU project hence the name GNU/Linux. The break-in was reported on November 21.
An ongoing investigation had shown that a sniffed password was used to initially access the server named klecker, one of four which was compromised, a post to one of the Debian mailing lists, by James Troup, said.
Troup said that on November 20, it had been noticed that the kernel on a server called master, which hosts the project's bug tracking system, was doing an oops - something which occurs when the kernel code gets into an unrecoverable state.
