In association with heise online

17 August 2007, 13:31

Gentoo takes server offline due to security vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Gentoo project, which produces a Linux distribution that you can compile from the sources for your specific hardware, has taken additional servers offline due to a security vulnerability in According to Gentoo, on August 7th an command injection vulnerability that enabled manipulation of the system was detected on The following sites


were hosted on the same server. They are currently undergoing forensic examination and hence can't be accessed. After their restoration they will go back online, but Gentoo isn't giving any indication of when that will be.

It is unknown whether a manipulation on the server has already occurred. However, according to information provided by Alex Howells from Gentoo it was never possible at any time to change the packages. He told heise Security that only compiles information from the Portage tree and presents them to the user in readable form. A manipulation of the sources and packages has not been possible.

Just recently, numerous Ubuntu community servers had to be taken off the net after they had been penetrated by unknown sources and exploited for attacks on other systems. There too, potential access to packages or source text was not possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit