DBSA:2013-0004
DBSA ID: 2013-0004
Regarding: Debian-Multimedia repository potential compromise
Related to: DBSA:2013-0002
Writeup: Kradorex Xeron (talk) 02:23, 15 June 2013 (EDT)
Date: 2013 05 21
Last Modified: 20130615022343 by Kradorex Xeron
Who should take note: Debian (and derivative) Users and System Administrators
Classification
Priority: HIGH
Rationale: The domain name may be misused at any point to attempt to hijack the systems updating against the repository.
Severity: MEDIUM
Rationale: There has been no observed impact, but the network hosting the current 'debian-multimedia.org' domain is high-risk for misuse of the domain name.
Spread of Issue: LIMITED MEDIUM
Rationale: Considering that 'debian-multimedia' is not a core repository of Debian installations and most derivatives thereof, the spread does not qualify for a "HIGH" rating, but is increased due to the high usage of the packages serviced by the repository.
Description
The domain name, 'debian-multimedia.org' that supports a widely used software repository, 'debian-multimedia' has had its domain name taken over by a party unrelated to the Debian project in any official or unofficial capacity.
Technical Details
There is no technical details to discuss in this advisory.
Mitigation/Solution
Those affected are advised to visit http://deb-multimedia.org and install the new location of the repository and remove the old, 'debian-multimedia.org' repository from apt configuration.
It is advised to treat the 'debian-multimedia.org' domain name as compromised and audit any transfers performed .