Fedora System Compromised, But No Changes Made

The infrastructure of the Fedora Project was compromised over the weekend and an account belonging to a Fedora contributor was taken over by an attacker. However, Fedora officials said they don’t believe that the attacker was able to push any changes to the Fedora package system or make any actual changes to the infrastructure.

The attack appears to have targeted one specific user account, which had some high-value privileges. The attacker was able to compromise the account externally, and then had the ability to connect remotely to some Fedora systems. The attacker also changed the account’s SSH key, Fedora officials said.

The compromise could have been far worse, as the account that was hacked had push access to the Fedora SCM and could perform builds and make changes to Fedora packages. But, significantly, the Fedora Infrastructure Team’s investigation didn’t find that the intrusion resulted in any changes to the Fedora software itself.

“Based on the results of our investigation so far, we do not believe that any Fedora packages or other Fedora contributor accounts were affected by this compromise,” Jared Smith, the Fedora project leader, said in an email to the Fedora Project mailing list. “While the user in question had the ability to commit to Fedora SCM, the Infrastructure Team does not believe that the compromised account was used to do this, or cause any builds or updates in the Fedora build system. The Infrastructure Team believes that Fedora users are in no way threatened by this security breach and we have found no evidence that the compromise extended beyond this single account.”

Fedora is a free operating system project sponsored by Red Hat.

The attack came to light over the weekend when one of the Fedora contributors got an email saying that his account details had been modified. The contributor knew that he had not changed his account settings, so he contacted the Fedora Infrastructure Team, which investigated the incident and found that the account had been compromised. Once the investigation began, the team took snapshots of all of the systems that the hacked account had access to, locked down the account itself and then audited the systems the account had privileges on, including SSH and the Fedora Account System.

“We are still performing a more in-depth investigation and security audit and we will post again if there are any material changes to our understanding,” Smith said.

Discussion

  • Anonymous on

    Next time please include a link to the actual facts of the case (e.g. the email sent out by Jared Smith, the Fedora Project Leader): http://lists.fedoraproject.org/pipermail/devel-announce/2011-January/000746.html
  • Anonymous on

    yum install pwned

  • Anonymous on

    HAH! you wish, MickeySoft shill!

  • Anonymous on

    apt-get remove fedora

  • involver on

    # make rebuild(fedora`s)world
