Difference between revisions of "DBSA:2013-0004"

From Digibase Knowledge Base
Jump to: navigation, search
(Created page with "'''DBSA ID:''' {{PAGENAME}} '''Regarding:''' Debian-Multimedia repository potential compromise '''Related to:''' DBSA:2013-0002 '''Writeup:''' ~~~~ '''Date:''' 2013 05...")
 
m
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
'''DBSA ID:''' {{PAGENAME}}
 
'''DBSA ID:''' {{PAGENAME}}
  
'''Regarding:''' Debian-Multimedia repository potential compromise
+
'''Regarding:''' Debian-Multimedia repository potential for compromise
 
 
'''Related to:''' [[DBSA:2013-0002]]
 
  
 
'''Writeup:''' [[User:Kradorex Xeron|Kradorex Xeron]] ([[User talk:Kradorex Xeron|talk]]) 02:23, 15 June 2013 (EDT)
 
'''Writeup:''' [[User:Kradorex Xeron|Kradorex Xeron]] ([[User talk:Kradorex Xeron|talk]]) 02:23, 15 June 2013 (EDT)
  
'''Date:''' 2013 05 21
+
'''Date:''' 2013 06 15
  
 
'''Last Modified:''' {{REVISIONTIMESTAMP}} by {{REVISIONUSER}}
 
'''Last Modified:''' {{REVISIONTIMESTAMP}} by {{REVISIONUSER}}
Line 19: Line 17:
 
'''Rationale:''' The domain name may be misused at any point to attempt to hijack the systems updating against the repository.
 
'''Rationale:''' The domain name may be misused at any point to attempt to hijack the systems updating against the repository.
  
'''Severity:''' MEDIUM
+
'''Severity:''' LOW
  
'''Rationale:''' There has been no observed impact, but the network hosting the current 'debian-multimedia.org' domain is high-risk for misuse of the domain name.
+
'''Rationale:''' There has been no observed impact, but the network hosting the current 'debian-multimedia.org' domain is a potential risk for misuse of the domain name.
  
 
'''Spread of Issue:''' LIMITED MEDIUM
 
'''Spread of Issue:''' LIMITED MEDIUM
Line 28: Line 26:
  
 
==Description==
 
==Description==
The domain name, 'debian-multimedia.org' that supports a widely used software repository, 'debian-multimedia' has had its domain name taken over by a party unrelated to the Debian project in any official or unofficial capacity.
+
The domain name debian-multimedia.org that supports a widely used unofficial software repository, 'debian-multimedia' has had its domain name taken over by a party unrelated to the Debian project in any official or unofficial capacity. The project has thus moved to the domain name deb-multimedia.org
  
 
==Technical Details==
 
==Technical Details==
Line 36: Line 34:
 
Those affected are advised to visit http://deb-multimedia.org and install the new location of the repository and remove the old, 'debian-multimedia.org' repository from apt configuration.
 
Those affected are advised to visit http://deb-multimedia.org and install the new location of the repository and remove the old, 'debian-multimedia.org' repository from apt configuration.
  
It is advised to treat the 'debian-multimedia.org' domain name as compromised and audit any transfers performed .
+
It is advised to treat the 'debian-multimedia.org' domain name as compromised and audit for any transfers performed.
  
 
==References==
 
==References==

Latest revision as of 01:37, 15 June 2013

DBSA ID: 2013-0004

Regarding: Debian-Multimedia repository potential for compromise

Writeup: Kradorex Xeron (talk) 02:23, 15 June 2013 (EDT)

Date: 2013 06 15

Last Modified: 20130615013737 by Kradorex Xeron

Who should take note: Debian (and derivative) Users and System Administrators

Classification

Priority: HIGH

Rationale: The domain name may be misused at any point to attempt to hijack the systems updating against the repository.

Severity: LOW

Rationale: There has been no observed impact, but the network hosting the current 'debian-multimedia.org' domain is a potential risk for misuse of the domain name.

Spread of Issue: LIMITED MEDIUM

Rationale: Considering that 'debian-multimedia' is not a core repository of Debian installations and most derivatives thereof, the spread does not qualify for a "HIGH" rating, but is increased due to the high usage of the packages serviced by the repository.

Description

The domain name debian-multimedia.org that supports a widely used unofficial software repository, 'debian-multimedia' has had its domain name taken over by a party unrelated to the Debian project in any official or unofficial capacity. The project has thus moved to the domain name deb-multimedia.org

Technical Details

There is no technical details to discuss in this advisory.

Mitigation/Solution

Those affected are advised to visit http://deb-multimedia.org and install the new location of the repository and remove the old, 'debian-multimedia.org' repository from apt configuration.

It is advised to treat the 'debian-multimedia.org' domain name as compromised and audit for any transfers performed.

References