[ale] Recent events with RH/Fedora servers.

Jim Kinney jim.kinney at gmail.com
Mon Sep 1 20:48:46 EDT 2008


I'll add to this as I read (between the lines) and understand:

Bad versions of ssh binaries were made available for subscriber use from
RedHat servers. This did not involve a compromise of their key system. My
"between the lines" part suggests that their internal source repository was
compromised and the bad code was then compiled through normal channels which
dodged needing to break into their hardware-keyed signing process.

As RedHat does NOT distribute binaries by means other than RHN subscription,
this suggests that because the trojaned code was compiled through their
normal channels it was released through the RHN process. I have seen one
machine in the field running the code that matched their md5sum on the
binary and I know that machine was pulling from a satellite server (which
pulls from RHN).

RedHat does not currently use yum for their repositories. Yum is used by
Fedora.

On Sun, Aug 31, 2008 at 9:34 PM, Jeff Lightner <jlightner at water.com> wrote:

> I'd think so.
>
> Remember however that the "download" issue is only if you're NOT getting
> your downloads via RedHat Network (RHN) subscriptions.  If you are
> getting them via subscriptions then what you got was never compromised.
> If you've been getting your "downloads" via yum from official
> repositories then they weren't compromised based on my read of the
> official alert issued by RedHat.
>
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> Scott Castaline
> Sent: Sunday, August 31, 2008 5:18 PM
> To: Atlanta Linux Enthusiasts
> Subject: [ale] Recent events with RH/Fedora servers.
>
> With the recent events happening with these servers would a downloaded
> image file that was downloaded during the time frame involved and again
> on 8/29/08 share the same SHA1 hash could I consider the first one as
> safe to use?
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale



-- 
James P. Kinney III