SleepyEgg

The Linux kernel archive website, which is located at kernel.org, was compromised by attackers last month. According to a statement posted yesterday on the website, unauthorized parties successfully seized root access to several kernel.org servers and planted a trojan. The site hosts the source code of the Linux kernel, and a number of other projects.

The intrusion was reported to kernel.org users earlier this week by site administrator John Hawley. The attack is believed to have occurred on August 12 but wasn't detected until August 28. The attack vector isn't known for certain, but it is thought that the attacker somehow obtained a legitimate user's login credentials and then exploited an unknown privilege escalation vulnerability. The attack was discovered when an Xnest error message was found in the system logs on a server that did not have Xnest installed.