FWN/Issue140

From FedoraProject

Revision as of 01:18, 20 August 2008 by Ush


Breaking News on the Infrastructure Outage

This special issue of FWN will be updated to reflect new information as soon as it is made available to us. Currently we are still relying on the information posted by Paul Frields on @fedora-infrastructure, just like the rest of you. As reported in FWN#139, "General Outage of Fedora Infrastructure"[1], all that is known is that the problems became obvious to a wide audience on August 13th.

[1] http://fedoraproject.org/wiki/FWN/LatestIssue#General_Outage_of_Fedora_Infrastructure

An update[2] posted by Paul Frields on 18 August listed the services which had returned to normal and those which were expected to return to normal soon. Public speculation latched on[3][4] to the fact that the SSH keys of "fedorahosted" had changed. Most guesses used this as evidence that something similar to the recent 2008 Debian OpenSSL vulnerabilities[7] (not to be confused with the 2003 Debian Project compromise[5], which was due to a 0-day kernel exploit, or the 2006 compromise[6]) had occurred. FAS holders received an email asking them to reset their passwords as a precautionary measure, which further heightened suspicions that something similar to the SSL problem had occurred.

[2] https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00011.html

[3] http://lwn.net/Articles/294547/

[4] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00790.html

[5] A key developer's machine was compromised due to a kernel exploit[5a], and password sniffers were then installed which provided the attacker(s) with root access to at least one key Debian server (klecker.debian.org). This was used as a staging post to install another sniffer, and a chain of two more servers was compromised. As a result of modifications made to one of the kernels it started OOPSing, and investigation of this revealed the problem.

[5a] http://www.securityfocus.com/archive/1/346095/2003-11-28/2003-12-04/0

[6] http://www.debian.org/News/2006/20060713

[7] Metasploit has an excellent writeup on the topic here: http://www.metasploit.com/users/hdm/tools/debian-openssl/