[ale] Redhat and Fedora servers compromised

Jim Kinney jim.kinney at gmail.com
Fri Aug 22 18:37:30 EDT 2008


My understanding is Fedora found evidence of unauthorized access but no
evidence of that access being used. The changing of their package signing
keys is a precautionary measure.

The RedHat unauthorized access did involve malicious activity which changed
the openssh binaries on an unspecified number of RHN servers. Currently,
RedHat has not released a change in signing keys, which indicates that either
the binaries were not signed (and thus would not be loadable in a properly
configured RedHat system) or the signature is invalid (thus again not
affecting a properly installed RedHat - or CentOS - server). There is an
outside chance that RedHat's signing key was stolen and they have not
revealed that, but given the history of RedHat and their openness in general,
I currently do not think the key has been compromised.

On Fri, Aug 22, 2008 at 5:31 PM, <hscast at charter.net> wrote:

>
> ---- Jim Kinney <jim.kinney at gmail.com> wrote:
> > A very distressing announcement.
> > Be aware that this impacts CentOS servers as well. They have posted notice
> > http://lists.centos.org/pipermail/centos-announce/2008-August/015193.html
> > http://lists.centos.org/pipermail/centos-announce/2008-August/015194.html
> > of the updated openssh packages to re-secure the repositories.
> >
> > On Fri, Aug 22, 2008 at 3:04 PM, Bob Toxen <transam at verysecurelinux.com> wrote:
> >
> > > "In an email sent to the fedora-announce mailing list, it has been
> > > revealed that both Fedora and Red Hat servers have been compromised
> > > <https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html>.
> > > As a result Fedora is changing their package signing key.  Red
> > > Hat has released a security advisory
> > > <https://rhn.redhat.com/errata/RHSA-2008-0855.html>  and a script to
> > > detect potentially compromised openssh packages
> > > <http://www.redhat.com/security/data/openssh-blacklist.html> ."
> > >
> > >
> > > Anyone running a Fedora or Red Hat Enterprise system where RPMs may have been
> > > installed recently, either automatically or manually, is at risk and should
> > > download Red Hat's tool to check for compromised RPMs.
> > >
> > > No doubt Microsoft will try to hype this.  Remember that Microsoft is forced
> > > to provide a patch for the equivalent of a remote root vulnerability that
> > > affects MOST customers almost weekly, in our opinion.
> > >
> > > This appears to be a fault in System Administration by Red Hat rather than
> > > a security bug in Linux, though not all the facts are in at this time.
> > >
> > > Linux still is far more secure and reliable than Microsoft.
> > >
> > > Bob Toxen
> > > bob at verysecurelinux.com               [Please use for email to me]
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://mail.ale.org/mailman/listinfo/ale
> > >
> >
> >
> >
> > --
> > --
> > James P. Kinney III
>
> Am I understanding this correctly that the software used for updates as well
> may be contaminated as well? I am currently experiencing weird problems like
> things disappearing, unable to launch apps and now I can't log in, oh also
> the gdm screen has gone black with just the login box. Running Fedora 9 or
> trying to. It's a little confusing right now since I also have new hardware,
> all at the same time.
>



-- 
-- 
James P. Kinney III
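
Added example, not part of the original message or of any Red Hat tooling: the "properly configured" condition discussed above depends on signature checking being switched on for every enabled repository, and this Python function audits yum-style configuration text for that. The sample configuration, repository names and URLs are constructed, and treating an unset gpgcheck as off is an assumption.

```python
import configparser

# Constructed sample: a yum.conf [main] section followed by three repo stanzas.
SAMPLE_CONF = """\
[main]
gpgcheck=1

[base]
baseurl=http://mirror.example.invalid/base/
enabled=1

[thirdparty]
baseurl=http://mirror.example.invalid/thirdparty/
enabled=1
gpgcheck=0

[testing]
baseurl=http://mirror.example.invalid/testing/
enabled=0
gpgcheck=0
"""

TRUE_VALUES = {"1", "true", "yes"}

def audit_gpgcheck(conf_text):
    """Return (repo_id, reason) for each enabled repo that skips signature checks."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    # Assumption: a repo with no gpgcheck of its own inherits [main];
    # if [main] is silent as well, the check is treated as off.
    main_default = parser.get("main", "gpgcheck", fallback="0")
    findings = []
    for repo in parser.sections():
        if repo == "main":
            continue
        enabled = parser.get(repo, "enabled", fallback="1").strip().lower()
        if enabled not in TRUE_VALUES:
            continue  # disabled repos are never consulted for packages
        explicit = parser.get(repo, "gpgcheck", fallback=None)
        effective = explicit if explicit is not None else main_default
        if effective.strip().lower() not in TRUE_VALUES:
            reason = ("gpgcheck turned off in repo stanza" if explicit is not None
                      else "gpgcheck not enabled in stanza or [main]")
            findings.append((repo, reason))
    return findings

if __name__ == "__main__":
    for repo, reason in audit_gpgcheck(SAMPLE_CONF):
        print(f"{repo}: {reason}")
```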