AOH :: IS1046.HTM

Red Hat hack prompts critical OpenSSH update




Red Hat hack prompts critical OpenSSH update
Red Hat hack prompts critical OpenSSH update



http://www.theregister.co.uk/2008/08/22/red_hat_systems_hacked/ 

By John Leyden
The Register
22nd August 2008

Red Hat has warned that hackers were able to commandeer its systems and 
tamper with code - but said that since its content distribution was not 
hit, it is confident that polluted code has not served up to users.

The first hint that something was wrong came last week when Fedora 
rebuilt its systems, a reconstruction that was accompanied by extended 
outages. Red Hat sponsors the Linux distribution. Fortunately Fedora 
packages weren't interfered with following the attack, but Red Hat 
Enterprise Linux packages were touched up by as yet unidentified 
miscreants.

"Last week Red Hat detected an intrusion on certain of its computer 
systems and took immediate action," Red Hat said in a critical security 
advisory [1] issued on Friday. "While the investigation into the 
intrusion is ongoing, our initial focus was to review and test the 
distribution channel we use with our customers."

While checks on its content distribution networks came back clean, it 
did turn up some problems.

"An intruder was able to sign a small number of OpenSSH packages 
relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 
architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture 
only).

[1] https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html 

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/ 

Site design & layout copyright © 1986-2014 CodeGods