Home page logo
/

funsec logo funsec mailing list archives

Re: Fedora confirms: Our servers were breached
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Fri, 22 Aug 2008 11:51:02 -0400

Holy crap, that's quite a breach.

Note that RedHat says, on the one hand, that 

...based on our efforts, we have high confidence
that the intruder was not able to capture the passphrase used to
secure
the Fedora package signing key. Based on our review to date, the
passphrase was not used during the time of the intrusion on the
system
and the passphrase is not stored on any of the Fedora servers."

On the other hand, they have issued a critical openssh security update
(http://rhn.redhat.com/errata/RHSA-2008-0855.html) 
the description of which says:

In connection with the incident, the intruder was able to sign a
small 
number of OpenSSH packages relating only to Red Hat Enterprise Linux
4 
(i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5
(x86_64 
architecture only). As a precautionary measure, we are releasing an 
updated version of these packages, and have published a list of the 
tampered packages and how to detect them at 
http://www.redhat.com/security/data/openssh-blacklist.html

Is there a subtle distinction I'm missing here?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Juha-Matti Laurio
Sent: Friday, August 22, 2008 10:45 AM
To: funsec () linuxbox org
Subject: [funsec] Fedora confirms: Our servers were breached

New information about the "important infrastructure issue" affecting to
Fedora Project has been released today.

Mr. Paul W. Frields, Fedora Project Leader has posted an announcement
about the facts, including:

"One of the compromised Fedora servers was a system used for signing
Fedora packages."

More information available at
https://www.redhat.com/archives/fedora-announce-list/2008-August/msg0001
2.html
and
http://blogs.securiteam.com/index.php/archives/1130

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]