Red Hat servers attacked; customers not affected


August 23 report: Red Hat warned on Friday that some of the company's servers supporting both the commercial and free editions of its Linux distributions had been hit by a network intrusion.

According to foreign media reports, Red Hat said in a security advisory that it believes the intrusion did not compromise Red Hat Network, so customers are not at risk. Red Hat Network is the channel through which Red Hat distributes update packages for Red Hat Enterprise Linux.

Red Hat has also released a script that detects the compromised OpenSSH packages.

Red Hat said in the advisory: "We are issuing this security alert primarily for customers who do not obtain our binary packages through official channels."

The intrusion mainly affected a small number of OpenSSH packages for Red Hat Enterprise Linux 4 and 5; Red Hat will release updated versions of these packages. Red Hat has published a list of the affected packages together with instructions for detecting them.
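The detection logic behind such a check, as an added example that is not Red Hat's published script: it models the two tests a post-advisory audit of installed openssh-* RPMs needs, comparing each package's ID (rpm's %{PKGID}, the header+payload MD5) against a list of known tampered builds, and confirming that the header signature comes from the vendor's expected key. The blacklisted package IDs, the trusted key ID and the sample rpm output are all constructed placeholders; a real run substitutes the vendor's published package list and key ID. The rpm query tags used are assumed to be available on the target host.

```python
"""Check installed OpenSSH RPMs against a list of known-tampered builds.

Added example, NOT Red Hat's published detection script. It assumes the
vendor publishes (1) the package IDs (rpm %{PKGID}) of the tampered builds
and (2) the key ID of its legitimate release-signing key. Every ID and
digest below is a CONSTRUCTED placeholder.
"""
import shutil
import subprocess
from dataclasses import dataclass

# rpm query format: NVRA, package ID, and the header signature line.
# %{SIGPGP:pgpsig} prints e.g. "DSA/SHA1, <date>, Key ID 0123456789abcdef"
# or "(none)" when the package carries no signature. rpm expands \t and \n.
RPM_QUERY_FORMAT = r"%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\t%{PKGID}\t%{SIGPGP:pgpsig}\n"

# Constructed stand-in for the vendor's list of tampered package IDs.
BLACKLISTED_PKGIDS = {
    "0f2d5b7a9c1e4d6f8a0b2c4d6e8f0a1b",  # placeholder for a tampered openssh build
}
# Constructed stand-in for the vendor's real release-signing key ID.
TRUSTED_KEY_IDS = {"0123456789abcdef"}

# Constructed output of `rpm -qa --qf "$RPM_QUERY_FORMAT" 'openssh*'` on a host
# with one clean package, one blacklisted package and one unsigned package.
SAMPLE_RPM_OUTPUT = (
    "openssh-4.3p2-26.el5.x86_64\t7c9d1e2f3a4b5c6d7e8f9a0b1c2d3e4f\t"
    "DSA/SHA1, Mon 18 Aug 2008 10:00:00 AM UTC, Key ID 0123456789abcdef\n"
    "openssh-server-4.3p2-26.el5.x86_64\t0f2d5b7a9c1e4d6f8a0b2c4d6e8f0a1b\t"
    "DSA/SHA1, Mon 18 Aug 2008 10:00:00 AM UTC, Key ID 0123456789abcdef\n"
    "openssh-clients-4.3p2-26.el5.x86_64\t11111111222222223333333344444444\t(none)\n"
)


@dataclass(frozen=True)
class Package:
    nvra: str        # name-version-release.arch
    pkgid: str       # lowercase hex header+payload MD5 (%{PKGID})
    sig_key_id: str  # lowercase hex signing key ID, "" if unsigned


def parse_rpm_line(line: str) -> Package:
    """Parse one line produced with RPM_QUERY_FORMAT."""
    nvra, pkgid, sig = line.rstrip("\n").split("\t", 2)
    key_id = ""
    if "Key ID" in sig:
        key_id = sig.rsplit("Key ID", 1)[1].strip().lower()
    return Package(nvra=nvra, pkgid=pkgid.lower(), sig_key_id=key_id)


def audit(packages, blacklist=BLACKLISTED_PKGIDS, trusted_keys=TRUSTED_KEY_IDS):
    """Return (nvra, reason) findings for packages that should not be trusted.

    A valid signature from the vendor key does not clear a package on its own:
    a build signed with a misused key is only caught by the blacklist. The
    signature check covers the separate case of unsigned or third-party
    packages pulled from outside the official channel.
    """
    findings = []
    for p in packages:
        if p.pkgid in blacklist:
            findings.append((p.nvra, "package ID is on the tampered-build list"))
        if not p.sig_key_id:
            findings.append((p.nvra, "package is unsigned"))
        elif p.sig_key_id not in trusted_keys:
            findings.append((p.nvra, f"signed by untrusted key {p.sig_key_id}"))
    return findings


def audit_text(rpm_output: str):
    """Audit rpm query output given as text (used for the constructed sample)."""
    lines = [l for l in rpm_output.splitlines(keepends=True) if l.strip()]
    return audit(parse_rpm_line(l) for l in lines)


def audit_live_system():
    """Run the real rpm query; returns None when rpm is not on this host."""
    if shutil.which("rpm") is None:
        return None
    out = subprocess.run(["rpm", "-qa", "--qf", RPM_QUERY_FORMAT, "openssh*"],
                         capture_output=True, text=True, check=True).stdout
    return audit_text(out)


if __name__ == "__main__":
    results = audit_live_system()
    if results is None:
        print("rpm not found, auditing the constructed sample instead")
        results = audit_text(SAMPLE_RPM_OUTPUT)
    for nvra, reason in results:
        print(f"SUSPECT {nvra}: {reason}")
    if not results:
        print("no suspect openssh packages")
```

On a real host the script queries rpm directly; elsewhere it falls back to the constructed sample, which flags the blacklisted openssh-server build and the unsigned openssh-clients package while passing the clean, vendor-signed openssh package.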

A Fedora Project lead posted a security announcement on a Fedora mailing list stating that, after discovering last week that some servers had been accessed without authorization, they had taken those servers off the network.

From the "this isn't good news" files:

Servers for both Red Hat Enterprise Linux and Fedora Linux were compromised in recent weeks by some kind of illegal access. Neither project however is currently admitting that any of their software or users were in any way directly affected by the illegal access.
Fedora Project Leader Paul Frields wrote in a mailing list entry that:

Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline. Security specialists and administrators have been working since then to analyze the intrusion and the extent of the compromise as well as reinstall Fedora systems.

On the Red Hat Enterprise side of things there is an OpenSSH update notification that contains (few) details about what happened.

Last week Red Hat detected an intrusion on certain of its computer systems and took immediate action. While the investigation into the intrusion is on-going, our initial focus was to review and test the distribution channel we use with our customers, Red Hat Network (RHN) and its associated security measures. Based on these efforts, we remain highly confident that our systems and processes prevented the intrusion from compromising RHN or the content distributed via RHN and accordingly believe that customers who keep their systems updated using Red Hat Network are not at risk.

The fear in both cases is that an attacker could have somehow gained access and then created or compromised a security signing key used to distribute packages and updates.

As far as I can tell based on the analysis provided by Red Hat that's not the case, and Red Hat and Fedora are being responsible and prudent by locking down systems, analyzing everything and re-issuing keys.

On closer reading, some servers were evidently compromised and some software may have been replaced. Users who recently updated Red Hat packages are advised to check the published list of affected packages carefully and rule out any tampered installs.
