According to foreign media reports, several unknown hackers recently penetrated a number of computer systems used by Linux vendor Red Hat and its Fedora project, forcing administrators to keep these computers disconnected for more than a week.
According to the Fedora Project announcement, the most seriously affected computer in this intrusion belongs to the Fedora Project. That computer is mainly responsible for signing the packages that the package manager uses to automatically update end-user systems. The intrusion also affected the database and proxy server, hosting system, and collaborative network of the Fedora project. In addition, a small portion of the servers used by Red Hat were also infiltrated.
Although the damage caused by this intrusion seems serious, the Fedora project says that the intruders did not obtain the package signing key. Had an attacker obtained this key, malware could be pushed out as an automatic update and installed on Fedora users' systems.
According to Paul Frields, the leader of the Fedora Project, "based on our verification, we fully believe that the intruders failed to obtain the passphrase used to protect the signature key of the Fedora package. According to our observation, this passphrase was never used during the intrusion event and is not stored on any Fedora server."
The Fedora Project manages the development and release of Red Hat's free Linux operating system. Software created by Fedora developers is used in various commercial and non-commercial versions of Linux, including Red Hat Enterprise Linux.
Although the Fedora Project has no evidence that the intruders obtained a signing key, it has decided to create and deploy a new key. Fedora Project administrators also checked a large number of software components and found nothing resembling trojan software embedded in them.
Red Hat said that although the intrusion had limited impact on Red Hat systems, the intruders were able to create several signed malicious OpenSSH packages.
As a precaution, Red Hat is releasing new versions of this software, along with a list of potentially risky software packages and instructions on how to detect them.
According to security experts, most Linux package managers use a signature mechanism to ensure security, but by exploiting the CVE-2008-0166 vulnerability an attacker can get a software package with malicious content to carry a valid signature. When a user relies on a third-party mirror in particular, the security of update packages is not guaranteed. In addition, most Linux distributions do not put enough effort into vetting the individuals or organizations that run update mirror sites, so an attacker can easily become an officially recognized mirror.
To illustrate the severity of the problem, the researchers set up a mirror on a rented server using a fake administrator name and a fake company name. Every distribution they tried (including Ubuntu, Fedora, OpenSUSE, CentOS, and Debian) added it to its official mirror list.