
List:       fedora-list
Subject:    Re: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?
From:       "T.C. Hollingsworth" <tchollingsworth () gmail ! com>
Date:       2017-06-29 23:56:40
Message-ID: CAJVv0O=E_vOPX=3rmekhUg-bAwhhESa4LaW9digdi1QAeZ_Arw () mail ! gmail ! com


On Jun 29, 2017 3:52 PM, "stan" <stanl-fedorauser@vfemail.net> wrote:

> Wikileaks released a document about an attack against CentOS / Rhel.
>
> https://wikileaks.org/vault7/#OutlawCountry
>
> Here's the text, there are some docs there also.
>
> <snip>
>
> My first take is that this doesn't represent a very serious threat.  Do
> you disagree?


> Prerequisites(S//NF)

> The target must be running a compatible 64-bit version of CentOS/RHEL 6.x (kernel version 2.6.32).

This doesn't even work on Fedora.

Fedora kernels move too fast for them to keep up with binaries; they would
have to use the source and rebuild it akmod style on every kernel upgrade.
They aren't doing this; they want to keep their stuff secret.

It could, however, have been ported to RHEL7 (and not leaked).

> (S//NF) The Operator must have shell access to the target.

So you have to already have a vulnerability or have a server administrator
in the CIA's pocket. This is just a rootkit they use once they already have
the keys to the kingdom.
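The point above, that a binary kernel module only loads on the exact kernel build it was compiled against, gives defenders a cheap check. The script below is an added example, not code from the thread or from the leaked material: it compares each loaded module's vermagic with the running kernel release and asks rpm whether the module file belongs to an installed package. Function names, the sample vermagic strings and the kernel release values are constructed for illustration; the live audit assumes a RHEL/CentOS host with modinfo and rpm available.

```shell
#!/bin/sh
# Added example (not from the thread). A loaded module that was built for a
# different kernel release than the one running, or whose .ko file no installed
# package owns, is worth a closer look: it arrived outside the normal update path.

# vermagic_matches VERMAGIC KERNEL_RELEASE
# The first whitespace-separated field of a module's vermagic string is the
# kernel release it was compiled against. Returns 0 on an exact match, 1 otherwise.
vermagic_matches() {
    _built_for=${1%% *}
    [ "$_built_for" = "$2" ]
}

# audit_loaded_modules KERNEL_RELEASE
# Reads lsmod-format lines ("name size used_by") on stdin and prints one line for
# every module that was built for another kernel or is not owned by an installed
# RPM. Needs modinfo and rpm on the host. Returns 1 if anything was flagged.
audit_loaded_modules() {
    _rel=$1
    _flagged=0
    while read -r _name _rest; do
        [ "$_name" = "Module" ] && continue          # skip the lsmod header line
        if ! _path=$(modinfo -n "$_name" 2>/dev/null); then
            echo "$_name: no module file found on disk"
            _flagged=1
            continue
        fi
        _vm=$(modinfo -F vermagic "$_name" 2>/dev/null)
        if ! vermagic_matches "$_vm" "$_rel"; then
            echo "$_name: built for ${_vm%% *}, running $_rel"
            _flagged=1
        fi
        if ! rpm -qf "$_path" >/dev/null 2>&1; then
            echo "$_name: $_path not owned by any installed package"
            _flagged=1
        fi
    done
    return $_flagged
}

# Live usage on a CentOS/RHEL host (constructed invocation, run as root):
#   lsmod | audit_loaded_modules "$(uname -r)"
```

A clean host prints nothing and the function returns 0; a module compiled for an older 2.6.32 build, or dropped into /lib/modules by hand, shows up with the reason.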




_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-leave@lists.fedoraproject.org

