List: fedora-list
Subject: Re: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?
From: "T.C. Hollingsworth" <tchollingsworth () gmail ! com>
Date: 2017-06-29 23:56:40
Message-ID: CAJVv0O=E_vOPX=3rmekhUg-bAwhhESa4LaW9digdi1QAeZ_Arw () mail ! gmail ! com
On Jun 29, 2017 3:52 PM, "stan" <stanl-fedorauser@vfemail.net> wrote:
> Wikileaks released a document about an attack against CentOS / Rhel.
> https://wikileaks.org/vault7/#OutlawCountry
> Here's the text, there are some docs there also.
> <snip>
> My first take is that this doesn't represent a very serious threat. Do
> you disagree?

> Prerequisites(S//NF)
> The target must be running a compatible 64-bit version of CentOS/RHEL 6.x
> (kernel version 2.6.32).
This doesn't even work on Fedora.
Fedora kernels move too fast for them to keep up with binaries; they would
have to use the source and rebuild it akmod style on every kernel upgrade.
They aren't doing this; they want to keep their stuff secret.
It could, however, have been ported to RHEL7 (and not leaked).
> (S//NF) The Operator must have shell access to the target.
So you have to already have a vulnerability or have a server administrator
in the CIA's pocket. This is just a rootkit they use once they already have
the keys to the kingdom.