gentoo
Gentoo GitHub hack modified ebuilds
An attacker gained control of Gentoo's GitHub organization administrator account (reportedly 'risacher' via password guessing). The attacker modified content, including ebuilds for 'portage' and 'musl-dev' in the main Gentoo ebuild repository, replacing them with malicious versions designed to execute 'rm -rf /', which would attempt to remove all files from users' systems. Access was quickly regained and the changes were reverted.
- Date
- 2018-06-28
- Category
- Open Source
- Target Surface
- Revision control
- Insertion Phase
- source
- Impact
- Service Disruption
- Cause
- Compromised Account/Credentials
What Was Affected
Package
gentoo
Language
Shell
Component
Distribution
Artifact type
revision control system
Domain type
code host
Domain
github.com
Repository
github.com/gentoo
Compromised Versions
- Various ebuilds and scripts hosted on GitHub at the time of compromise
Incident Context
- Motive
- Disruption/Protest
- Attribution
- Individual Hacker
- Transitive
- No
- Observed Duration
- 0 days
Evidence
Compromised Artifacts
- github.com/gentoo/gentoo/commit/b8ed5a815dfb8c077a92e6a3a90c1ae6a88d284d
- github.com/gentoo-mirror/gentoo/archive/refs/heads/master.zip
Current Artifacts and Analysis
Indicators and Changes
Hashes
- sha1:b8ed5a815dfb8c077a92e6a3a90c1ae6a88d284d
- sha1:2bd555a1138cb197271e8ddeec38bf4c7ae71844
Commits
External References
Source Data
Source record: oss/gentoo/meta.yaml