[Savannah-hackers] address@hidden: man-in-the-middle problem with Savannah?]

[Paul Fisher]

Could someone look into this?  I don't have time to tonight.

--- Forwarded message from "Robert J. Chassell" <address@hidden>

Date: Tue, 26 Feb 2002 18:26:11 -0500 (EST)
From: "Robert J. Chassell" <address@hidden>
Subject: man-in-the-middle problem with Savannah?
Reply-to: address@hidden

I don't know if this is important or not; it might be.

Shortly after his first connection to savannah.gnu.org to receive a
CVS checkout, running under SSH, Ron Hale-Evans started receiving
output denied messages to 216.180.92.111 on Port 81.  (Note these were
*output* denied messages, not input denied messages.)

This suggests that someone installed a program on his machine to try
to contact that remote machine..

Ron's worry is that somehow there might be a man-in-the-middle attack
between him and Savannah.  He did NOT look at the SSH fingerprint that
he received when he first ran CVS, which was only a half hour or less
before he started receiving the output denied messages.

He other worry is that there is a security flaw in the CVS 1.10.7-7
package from Debian.  (I am running CVS 1.11.1p1, which is more
recent; but then I am also running the Debian `testing' distribution,
not the Debian `potato' distribution.)

Ron is running Debian GNU/Linux 2.2 `potato' with security updates up
to this morning.

Also, his /dev/hda1 partition got corrupted, and the program
/usr/bin/see, which is an alias for `run-mailcap', was also corrupted.

Please change Ron's password on savannah; his user ID is 

    rwhe

You can email me the new password, GnuPG encrypted, and he can get it
from me over the telephone.

I am sending this message because Ron off the net for the moment.

-- 
    Robert J. Chassell                  address@hidden
    Rattlesnake Enterprises             http://www.rattlesnake.com
    GnuPG Key ID: 004B4AC8
    GnuPG Key fingerprint = E965 342F 2359 2E30 4928  24A3 4845 3AFD 004B 4AC8


----- End forwarded message -----