Page 1 of 1
Gentoo rsync.gentoo.org server compromised
Posted: Thu Dec 04, 2003 6:50 am
by pahud
http://www.gentoo.org/security/en/glsa/ ... 312-01.xml
rsync.gentoo.org其中一台rotation server 被remote exploit
入侵,但Daniel Robbins確認portage沒被影響。正在找尋remote exploit 的入侵方式。
slashdot
Re: Gentoo rsync.gentoo.org server compromised
Posted: Thu Dec 04, 2003 10:13 am
by chuany
pahud wrote:http://www.gentoo.org/security/en/glsa/glsa-200312-01.xml
rsync.gentoo.org其中一台rotation server 被remote exploit
入侵,但Daniel Robbins確認portage沒被影響。正在找尋remote exploit 的入侵方式。
slashdot
最近 OpenSource 被攻擊的事件層級越來越高,大家要特別多多注意一些套件上應該更新的訊息。
Debian unstable 已經一週多沒更新除了與 Kernel 相關以外的其他套件了。

Posted: Thu Dec 04, 2003 3:27 pm
by paar
難道是某廠商的商業攻擊手法?
錢砸下去就有人來做了..
Re: Gentoo rsync.gentoo.org server compromised
Posted: Thu Dec 04, 2003 8:00 pm
by dno
pahud wrote:http://www.gentoo.org/security/en/glsa/glsa-200312-01.xml
在這份安全通報內提及了使用者可以用:
來確保 portage 的檔案是正確無誤的!
Posted: Thu Dec 04, 2003 11:48 pm
by pahud
應該是這個rsync vuln.搭配do_brk()造成的
[SECURITY] [DSA 404-1] New rsync packages fix unauthorised remote code execution
DSA 404-1 wrote:While this heap overflow vulnerability could not be used by itself to
obtain root access on an rsync server, it could be used in combination
with the recently announced do_brk() vulnerability in the Linux kernel
to produce a full remote compromise.
快更新rsync吧!
*rsync-2.5.7
04 Dec 2003; Seemant Kulleen <seemant@gentoo.org> rsync-2.5.7.ebuild:
version bump for security vulnerability
GLSA: exploitable heap overflow in rsync (200312-03)