Re: trojan tcpdump?

Jim Cornette <fc-cornette@xxxxxxxxxxxxxx> writes:
> So was this a trojan version or an unsigned version? 

Bugzilla says this was a race in the release tools and the rpm was
good but slipped through unsigned.

         https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232523

> I thought the date for tcpdump and libpcap were both dated in
> January even though the development package was dated Mar 15th.

In theory Red Hat folks could have applied a private patch, even if the
underlying tcpdump distribution didn't change since January.

> Anyway, looking up information for libpcap and tcpdump on a Windows
> machine had me cross paths with the 2002 incident and kicked in the
> antivirus software for windows.
>
> Just to be safe, are these incidents unrelated? Did I just happen to
> cross the virus via google and the packages were only messed up by the
> build process?

Even if it was a trojan, I can't imagine the attacker would want to
slip an MS virus in there.  That would draw even more attention to the
files.  Linux exploits and MS exploits would require vastly different
code.

> I did come to the realization that you should not try to install
> unsigned rpms in case this was an attempt to trojan version the
> mirrors.

My jaw dropped when I read that one of the Bugzilla responses (by a
normal user) was to force the installation by editing the yum conf
file to say "gpgcheck=0".

If it isn't signed by a repository that you trust then all bets are
off.

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/
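
A check for the "gpgcheck=0" edit mentioned in the message above, as an added example that is not part of the original post: it parses yum configuration text and reports every repository whose effective signature checking is off, including repos that only inherit the setting from `[main]`. The function name, file paths and sample contents are constructed for illustration; the fallback of 0 when `gpgcheck` is unset follows yum.conf(5).

```python
import configparser

TRUTHY = {"1", "yes", "true", "on"}

def _flag(cp, section, option, default):
    """Read a yum-style boolean; use `default` when the option is unset."""
    if cp.has_option(section, option):
        return cp.get(section, option).strip().lower() in TRUTHY
    return default

def audit_gpgcheck(files):
    """files maps path -> file text. Returns (path, repo, enabled, reason)
    for every repo section whose effective gpgcheck is off."""
    parsed = {}
    for path, text in files.items():
        cp = configparser.RawConfigParser(strict=False)  # Raw: keep $vars and % as-is
        cp.read_string(text, source=path)
        parsed[path] = cp
    # [main] sets the default for every repo; yum.conf(5) gives 0 when unset.
    main_default = False
    for cp in parsed.values():
        if cp.has_section("main"):
            main_default = _flag(cp, "main", "gpgcheck", False)
    findings = []
    for path, cp in parsed.items():
        for repo in cp.sections():
            if repo == "main" or _flag(cp, repo, "gpgcheck", main_default):
                continue
            reason = ("disabled in repo section" if cp.has_option(repo, "gpgcheck")
                      else "inherits disabled default from [main]")
            # Disabled repos are still reported: --enablerepo turns them on later.
            findings.append((path, repo, _flag(cp, repo, "enabled", True), reason))
    return findings

# Constructed sample files (not taken from the thread or from any real host).
SAMPLE = {
    "/etc/yum.conf": "[main]\ncachedir=/var/cache/yum\ngpgcheck=1\n",
    "/etc/yum.repos.d/example.repo": (
        "[fedora]\nname=Fedora $releasever\nenabled=1\n\n"
        "[updates]\nname=Updates\nenabled=1\ngpgcheck=0\n\n"
        "[local-test]\nname=Local\nenabled=0\ngpgcheck=0\n"
    ),
}

if __name__ == "__main__":
    for finding in audit_gpgcheck(SAMPLE):
        print(finding)
```

On a real host the mapping would be built from `/etc/yum.conf` and the files under `/etc/yum.repos.d/`.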
