August 23, 2008

Is my (Red Hat) system compromised?

Red Hat recently informed its Fedora and RHEL users about successful intrusions into some of its key servers, which are responsible for providing updates to end users, and into a key system used for signing Fedora packages. Read about these two cases here (Fedora) and here (RHEL).
As you may have noticed, the attackers backdoored and signed(!) the OpenSSH package on the RHEL server.

If you've configured your systems to automatically download and install offered updates, you can use the script provided here to check whether you've installed the backdoored OpenSSH server.

I'm afraid that this year we've seen too many check-blacklist.sh scripts...!

Below is the list of affected packages, based on the SANS alert:

Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)
