funsec mailing list archives
Re: Fedora confirms: Our servers were breached
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Fri, 22 Aug 2008 11:51:02 -0400
Holy crap, that's quite a breach. Note that RedHat says, on the one hand, that

"...based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key. Based on our review to date, the passphrase was not used during the time of the intrusion on the system and the passphrase is not stored on any of the Fedora servers."

On the other hand, they have issued a critical openssh security update (http://rhn.redhat.com/errata/RHSA-2008-0855.html) the description of which says:

"In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). As a precautionary measure, we are releasing an updated version of these packages, and have published a list of the tampered packages and how to detect them at http://www.redhat.com/security/data/openssh-blacklist.html"

Is there a subtle distinction I'm missing here?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Juha-Matti Laurio
Sent: Friday, August 22, 2008 10:45 AM
To: funsec () linuxbox org
Subject: [funsec] Fedora confirms: Our servers were breached

New information about the "important infrastructure issue" affecting the Fedora Project has been released today.

Mr. Paul W. Frields, Fedora Project Leader, has posted an announcement about the facts, including:

"One of the compromised Fedora servers was a system used for signing Fedora packages."

More information available at
https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
and
http://blogs.securiteam.com/index.php/archives/1130

Juha-Matti

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.