I can confirm it affects only Red Hat systems, since today I heard of it at my corporation. Hope there will be a solution :)
On Fri, Mar 22, 2013 at 2:17 PM, Joost Ruis <[email protected]> wrote:
> This only seems to affect Red Hat based systems.
> I think that somehow the attacker has been able to alter some RPM
> package(s) on some mirror(s).
> These packages later got installed on servers as updates infecting
> those systems.
>
> I think this is also the reason I wasn't aware of this thing yet, it
> is a distro specific security flaw.
>
> On Fri, Mar 22, 2013 at 12:29 PM, Pavol Cupka <[email protected]> wrote:
> > this is from the infected server
> >
> > root@server1 [/var/log]# stat /lib/libkeyutils.so.1.9
> > File: `/lib/libkeyutils.so.1.9'
> > Size: 26904 Blocks: 56 IO Block: 4096 regular file
> > Device: 6ah/106d Inode: 357728408 Links: 1
> > Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
> > Access: 2013-02-18 07:28:21.000000000 -0500
> > Modify: 2007-01-06 02:57:38.000000000 -0500
> > Change: 2013-02-18 07:28:06.000000000 -0500
> >
> > the file libkeyutils.so* are part of the sys-apps/keyutils package the
> > file is slightly smaller
> >
> > stat /lib/libkeyutils.so.1.4
> > File: ‘/lib/libkeyutils.so.1.4’
> > Size: 9560 Blocks: 24 IO Block: 4096 regular file
> > Device: 801h/2049d Inode: 33101 Links: 1
> > Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
> > Access: 2013-03-22 12:19:56.674851171 +0100
> > Modify: 2012-12-02 23:16:09.000000000 +0100
> > Change: 2013-02-19 02:01:18.301392129 +0100
> > Birth: -
> >
> > you can also check the files using the
> >
> > equery k keyutils
> >
> > command, or using Sabayon's built-in check in equo (I don't know the
> > name of it as I don't use sabayon anymore)
> >
> > On Fri, Mar 22, 2013 at 12:23 PM, Andre Jaenisch
> > <[email protected]> wrote:
> >>
> >> 2013/3/22 Joost Ruis <[email protected]>:
> >> > I checked my system here ( amd64 ) and it seems we are not affected by
> >> > this.
> >> >
> >> > On this page you can find some tests you can perform.
> >> > http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CompSystem
> >>
> >> Can you attend it to http://bugs.sabayon.org/show_bug.cgi?id=4108 ?
> >> The thread is broken somehow ...
> >>

--
Lead-Developer at Project Rogentos (Romanian Gentoo Operating System) GNU/Linux. Based on Sabayon and Gentoo Linux, Rogentos tends to offer support mainly for all Romanian Linux users and entrepreneurs which seek to learn an open and free system based on true values :)
http://rogentos.ro
www.facebook.com/RogentosLinux
https://plus.google.com/106559511636021124919/ Google+
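
Added example, not part of the thread and not code from Sabayon, Gentoo or cPanel: a per-package check like the `equery k keyutils` mentioned above only looks at files the package lists, so this Python code verifies the `obj`/`sym` records of a Portage CONTENTS manifest and also sweeps for files matching a glob that the package does not list. The database path, the glob and all function names are assumptions of this example.

```python
import glob
import hashlib
import os

def parse_contents(text):
    """Map path -> (kind, value) from Portage CONTENTS text; value is an MD5 or a link target."""
    entries = {}
    for line in text.splitlines():
        kind, _, rest = line.partition(" ")
        if kind == "obj":    # obj <path> <md5> <mtime>; the path may contain spaces
            path, md5, _mtime = rest.rsplit(" ", 2)
            entries[path] = ("obj", md5.lower())
        elif kind == "sym":  # sym <path> -> <target> <mtime>
            link, _mtime = rest.rsplit(" ", 1)
            path, _, target = link.partition(" -> ")
            entries[path] = ("sym", target)
    return entries

def canon(real):
    """Resolve directory symlinks (such as /lib -> lib64) but keep the final name."""
    return os.path.join(os.path.realpath(os.path.dirname(real)), os.path.basename(real))

def check_package(contents_text, lib_glob, root="/"):
    """Return (finding, path) pairs for altered owned files and unowned lib_glob matches."""
    entries = parse_contents(contents_text)
    findings, owned = [], set()
    for path, (kind, value) in sorted(entries.items()):
        real = os.path.join(root, path.lstrip("/"))
        owned.add(canon(real))
        if kind == "sym":
            if not os.path.islink(real) or os.readlink(real) != value:
                findings.append(("symlink-changed", path))
        elif not os.path.isfile(real):
            findings.append(("missing", path))
        else:
            with open(real, "rb") as fh:  # MD5 is the digest CONTENTS records
                if hashlib.md5(fh.read()).hexdigest() != value:
                    findings.append(("md5-mismatch", path))
    # A library planted under a new name is not in CONTENTS, so a per-package check
    # never reads it; sweep for files matching lib_glob that the package does not list.
    hits = {canon(p) for p in glob.glob(os.path.join(root, lib_glob.lstrip("/")))}
    findings += [("unowned", p) for p in sorted(hits - owned)]
    return findings

if __name__ == "__main__":
    # Assumed Portage database location and library glob; adjust for the system at hand.
    for db in glob.glob("/var/db/pkg/sys-apps/keyutils-*/CONTENTS"):
        with open(db) as fh:
            for finding in check_package(fh.read(), "/lib*/libkeyutils.so*"):
                print(*finding)
```

An "unowned" result only means this one package does not list the file; another installed package may still own it.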
