Andrea Barisani | 20 Aug 2007 22:22

news update about the compromise


Hi folks,

robbat2 is finishing up analysis (robbat2 can you please ping me with your
status) of the recent compromise and we should release a news update fairly
soon, the press is starting to cover the story as "OMG critical servers of
Gentoo are pwn3d" which is really not the case.

So can I ask you to prepare a news update and send it to me, robbat2 and the
infra/security team for review? (still waiting for robbat2's final analysis
results).

Anyway, here are the facts:

a) there's no evidence of anything other than local account privileges being accessed

b) those privileges apparently have not been used at all, it seems that only
some script kiddies tried and failed

c) the server is not critical to gentoo and it provided only informational
services, it's in no way connected to active development, package creation or
portage mirrors

d) because of c) we have the luxury of *treating* this as a full compromise
and taking proper mitigation steps, which consisted in revoking the few
credentials that were on it (not sufficient anyway to gain access to other
boxes even if cracked).

So yes, there was a vuln, it was embarrassing (and it will prompt better code
review), but no damage has been (apparently) perpetrated...and if so it's

rferrer | 20 Aug 2007 22:44

Re: [gentoo-security] news update about the compromise

Hello...

I am currently on vacation. I will not be available until August 21.

For any inquiry, please contact one of the following departments:

info <at> xyon-servers.com (general information. Usually inquiries about contracting new services)

altas <at> xyon-servers.com (Inquiries about requested reservations, renewals, payments, changes
to your details, etc.)

tecnico <at> xyon-servers.com (for any technical inquiry about the service you have contracted)

Regards.

Ricardo Ferrer Muñoz
rferrer <at> xyon-servers.com
XYON-SERVERS, S.L.U.

-- 
gentoo-security <at> gentoo.org mailing list

Andrea Barisani | 22 Aug 2007 20:34

Re: [gentoo-infrastructure] news update about the compromise

On Mon, Aug 20, 2007 at 08:22:02PM +0000, Andrea Barisani wrote:

Folks, I have not had a single reply about this. I cannot avoid stressing that the
more we wait, the worse it gets image-wise.

Robbat2 can you provide a status update?

Bye and Thanks to all

> 
> Hi folks,
> 
> robbat2 is finishing up analysis (robbat2 can you please ping me with your
> status) of the recent compromise and we should release a news update fairly
> soon, the press is starting to cover the story as "OMG critical servers of
> Gentoo are pwn3d" which is really not the case.
> 
> So can I ask you to prepare a news update and send it to me, robbat2 and the
> infra/security team for review? (still waiting for robbat2's final analysis
> results).
> 
> Anyway, here are the facts:
> 
> a) there's no evidence of anything other than local account privileges being accessed
> 
> b) those privileges apparently have not been used at all, it seems that only
> some script kiddies tried and failed
> 
> c) the server is not critical to gentoo and it provided only informational
> services, it's in no way connected to active development, package creation or