RE: Security Breach Alert - CVS Home File Download Area Compromised
From: Conrad T. Pino
Subject: RE: Security Breach Alert - CVS Home File Download Area Compromised
Date: Mon, 24 Jan 2005 15:37:38 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello All,

I've done a preliminary systematic check and here's
what I know so far:

1. The issue may be client platform specific.

2. Not all download areas are affected but I still
   recommend considering the entire system suspect
   until a complete determination is made.

Supporting specific details follow:

=======================================================

I'm seeing an issue using Windows 2000 SP4 + Updates
and Internet Explorer 6.0.2800.1106 and the symptoms
are as follows:

A. All sampled "*.gz.sig" will not download.

B. All sampled "*.gz" files start downloading with
   the expected file size but the download reaches the
   expected file size and then continues to a file size
   much larger than expected.

The Mac OS X user who brought the issue to light has
different symptoms:

a. The sampled "*.gz.sig" will not download.

b. The sampled "*.gz" files download with correct size
   and the MD5 hashes agree with my reference copy.

The Mac OS X sample size is likely just a single file.

=======================================================

The Windows file download area appears unaffected so
far but I have NOT compared ALL files as yet.

I. All sampled (4) "*.zip.sig" files download and
   compare to my reference copies correctly.

II. All sampled (4) "*.zip" files download and
    compare to my reference copies correctly.

Although the Windows download area appears unaffected
so far, I still recommend caution.

=======================================================

The Solaris i386 and Mac OS X binary are affected as
follows:

i. The 8 sampled "*.gz.sig" files will not download.

ii. The 8 sampled "*.gz" files start downloading
    with the expected file size but the download reaches
    the expected file size and then continues to a file
    size much larger than expected.

=======================================================

The AIX, HP, SIG and Solaris SPARC download areas are
similar to Solaris i386 and Mac OS X areas as follows:

There are no "*.gz.sig" files to verify.

The 4 sampled "*.gz" files start downloading with
the expected file size but the download reaches the
expected file size and then continues to a file size
much larger than expected.

=======================================================

Best regards,

Conrad T. Pino

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBQfWGwbNM28ubzTo9EQJQ5gCaA+ks6TmSQhf76Eqgu78R/ivtIb8AoKya
ftj4EdHElKntr7urLQZuMUsK
=1mJh
-----END PGP SIGNATURE-----
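
The comparison of downloads against reference copies described in the message above (size first, then hash) can be scripted. The following is an added example, not part of the original message: it uses SHA-256 where the message used MD5, and the helper names (`sha256_prefix`, `triage`), verdict strings and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_prefix(path, limit):
    """SHA-256 of the first `limit` bytes of `path`, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while limit > 0:
            block = f.read(min(65536, limit))
            if not block:
                break
            h.update(block)
            limit -= len(block)
    return h.hexdigest()

def triage(download, reference):
    """Classify a downloaded file against a trusted reference copy."""
    if not os.path.exists(download):
        return "missing"                      # e.g. a .sig that will not download
    ref_size = os.path.getsize(reference)
    got_size = os.path.getsize(download)
    if got_size < ref_size:
        return "truncated"
    if sha256_prefix(download, ref_size) != sha256_prefix(reference, ref_size):
        return "content-mismatch"
    # The first ref_size bytes are identical; anything beyond is extra data.
    return "match" if got_size == ref_size else "oversized-trailing-data"

def demo():
    """Constructed sample files covering the symptom classes in the report."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            return p
        ref = write("ref.gz", b"\x1f\x8b" + b"A" * 1000)
        cases = {
            "clean": write("clean.gz", b"\x1f\x8b" + b"A" * 1000),
            "grown": write("grown.gz", b"\x1f\x8b" + b"A" * 1000 + b"Z" * 5000),
            "altered": write("altered.gz", b"\x1f\x8b" + b"B" * 1000),
            "absent": os.path.join(d, "sample.gz.sig"),   # never written
        }
        return {name: triage(path, ref) for name, path in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A verdict of `oversized-trailing-data` separates a file whose leading bytes still equal the reference from one whose content was altered, which tells the responder whether the extra bytes were appended in transit or the stored file itself differs.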