Hackers obtained access to FreeBSD servers

The team behind the FreeBSD operating system reported that an intrusion into two of its servers was detected on 11 November. The security team says that the two affected servers were taken offline immediately and that investigations show that the first unauthorized access probably took place on 19 September. Apparently, the intruders didn't exploit any security holes in FreeBSD; instead, they stole the SSH key of a developer with regular access privileges.

The team says that it has now audited the basic system (base) as well as the third-party packages: no unauthorized changes have been found in the base system's source code, and all program packages that are currently available to download have also been verified. However, the developers note that they can't guarantee the integrity of packages that were downloaded between 19 September and 11 November. To be on the safe side, the project recommends that administrators of computers that were updated during this time should consider reinstalling affected systems from trusted sources. The developers added that they themselves can't guarantee the integrity of package sets that have been uploaded for the upcoming FreeBSD 9.1, and that these sets will be rebuilt before the release of this version of the operating system.