Gentoo rsync.gentoo.org server compromised

歡喜聊天區!除了有關暴力、血腥、色情與測試項目以外,都可聊!

Moderator: Forums Team

Post Reply
pahud
24hr 義工
Posts: 1251
Joined: Tue Nov 26, 2002 10:22 pm
Contact:

Gentoo rsync.gentoo.org server compromised

Post by pahud »

http://www.gentoo.org/security/en/glsa/ ... 312-01.xml

rsync.gentoo.org其中一台rotation server 被remote exploit
入侵,但Daniel Robbins確認portage沒被影響。正在找尋remote exploit 的入侵方式。


slashdot
chuany
Posts: 22
Joined: Tue Nov 26, 2002 10:54 pm
Location: chuany.net
Contact:

Re: Gentoo rsync.gentoo.org server compromised

Post by chuany »

pahud wrote:http://www.gentoo.org/security/en/glsa/glsa-200312-01.xml

rsync.gentoo.org其中一台rotation server 被remote exploit
入侵,但Daniel Robbins確認portage沒被影響。正在找尋remote exploit 的入侵方式。


slashdot
最近 OpenSource 被攻擊的事件層級越來越高,大家要特別多多注意一些套件上應該更新的訊息。

Debian unstable 已經一週多沒更新除了與 Kernel 相關以外的其他套件了。 :?
:wq chuany
paar
Posts: 1154
Joined: Thu Jan 30, 2003 10:53 am
Location: 打狗市
Contact:

Post by paar »

難道是某廠商的商業攻擊手法?
錢砸下去就有人來做了..
叫我老帕好了!
Image
dno
Posts: 51
Joined: Sun Nov 30, 2003 5:13 pm
Location: 台灣 / 桃園 / 龜山
Contact:

Re: Gentoo rsync.gentoo.org server compromised

Post by dno »

pahud wrote:http://www.gentoo.org/security/en/glsa/glsa-200312-01.xml
在這份安全通報內提及了使用者可以用:

Code: Select all

# emerge sync
來確保 portage 的檔案是正確無誤的!
pahud
24hr 義工
Posts: 1251
Joined: Tue Nov 26, 2002 10:22 pm
Contact:

Post by pahud »

應該是這個rsync vuln.搭配do_brk()造成的
[SECURITY] [DSA 404-1] New rsync packages fix unauthorised remote code execution
DSA 404-1 wrote:While this heap overflow vulnerability could not be used by itself to
obtain root access on an rsync server, it could be used in combination
with the recently announced do_brk() vulnerability in the Linux kernel
to produce a full remote compromise.
快更新rsync吧!
*rsync-2.5.7

04 Dec 2003; Seemant Kulleen <seemant@gentoo.org> rsync-2.5.7.ebuild:
version bump for security vulnerability
GLSA: exploitable heap overflow in rsync (200312-03)
Post Reply