From Fedora Project Wiki

Breaking News on the Infrastructure Outage

This special issue of FWN will be updated to reflect new information as soon as it is made available to us. Currently we are still relying on the information posted by Paul Frields on @fedora-infrastructure, just like the rest of you. As reported in FWN#139, "General Outage of Fedora Infrastructure"[1], all that is known is that the problems became obvious to a wide audience on August 13th.

[1] http://fedoraproject.org/wiki/FWN/LatestIssue#General_Outage_of_Fedora_Infrastructure

An update[2] was posted by Paul Frields on 18 August which listed the services which had returned to normal and those which were expected to return to normal soon. Public speculation latched on[3][4] to the fact that the SSH keys of "fedorahosted" had changed. Most guesses used this as evidence that something similar to the recent 2008 Debian OpenSSL vulnerabilities[7] had occurred (not to be confused with the 2003 Debian Project compromise[5], which was due to a 0-day kernel exploit, or the 2006 compromise[6]). FAS holders received an email asking them to reset their passwords as a precautionary measure, which further heightened suspicions that something similar to the SSL problem had occurred. Some confusion prevailed[8] on @fedora-devel as to whether it was possible to trust the new key fingerprint on the website. JimMeyering added[8a] a useful post which explained how to change from using a DSA SSH key to an RSA SSH key. Overall there was a surprisingly low level of public discussion of the problem, and it was not until 18 August that some complaints about the lack of information were expressed[9] on @fedora-list.

[2] https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00011.html

[3] http://lwn.net/Articles/294547/

[4] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00790.html

[5] A key developer's machine was compromised due to a kernel exploit[5a], and password sniffers were then installed which provided the attacker(s) with root access to at least one key Debian server (klecker.debian.org). This was used as a staging post to install another sniffer, and a chain of two more servers was compromised. As a result of modifications made to one of the kernels, it started oopsing, and investigation of this revealed the problem.

[5a] http://www.securityfocus.com/archive/1/346095/2003-11-28/2003-12-04/0

[6] http://www.debian.org/News/2006/20060713

[7] Metasploit has an excellent writeup on the topic here: http://www.metasploit.com/users/hdm/tools/debian-openssl/

[8] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00841.html

[9] https://www.redhat.com/archives/fedora-list/2008-August/msg01953.html