From Digibase Knowledge Base
Jump to: navigation, search

DBSA ID: 2013-0004

Regarding: Debian-Multimedia repository potential compromise

Related to: DBSA:2013-0002

Writeup: Kradorex Xeron (talk) 02:23, 15 June 2013 (EDT)

Date: 2013 06 15

Last Modified: 20130615022437 by Kradorex Xeron

Who should take note: Debian (and derivative) Users and System Administrators


Priority: HIGH

Rationale: The domain name may be misused at any point to attempt to hijack the systems updating against the repository.

Severity: MEDIUM

Rationale: There has been no observed impact, but the network hosting the current 'debian-multimedia.org' domain is high-risk for misuse of the domain name.

Spread of Issue: LIMITED MEDIUM

Rationale: Considering that 'debian-multimedia' is not a core repository of Debian installations and most derivatives thereof, the spread does not qualify for a "HIGH" rating, but is increased due to the high usage of the packages serviced by the repository.


The domain name, 'debian-multimedia.org' that supports a widely used software repository, 'debian-multimedia' has had its domain name taken over by a party unrelated to the Debian project in any official or unofficial capacity.

Technical Details

There is no technical details to discuss in this advisory.


Those affected are advised to visit http://deb-multimedia.org and install the new location of the repository and remove the old, 'debian-multimedia.org' repository from apt configuration.

It is advised to treat the 'debian-multimedia.org' domain name as compromised and audit any transfers performed .