[App_rpt-users] Debian Allstar Linux Image (DIAL) vulnerability
Bryan Fields
Bryan at bryanfields.net
Thu Jun 8 18:41:52 UTC 2017
Debian Allstar Linux Image (DIAL) vulnerability
AllStarLink, Inc
June 8, 2017
Summary
A critical vulnerability has been found in DIAL permitting a remote
attacker to log into the node and gain a local user shell.
This vulnerability exists because the DIAL default install has a
default user account with a static password. An attacker could
exploit this vulnerability by connecting remotely to a node and
logging in by using the credentials for this default user account.
AllStarLink has released new x86 and arm install images which remove
this default account by default.
No privilege escalation has been found.
Affected Releases
DIAL x86
DIAL arm (Raspberry Pi)
Workarounds
Depending on the release, remove the following user accounts:
pi - arm
debian - x86
Example commands to disable and remove the accounts:
x86:
'passwd -d debian'
'userdel -r debian'
arm:
'passwd -d pi'
'userdel -r pi'
Further, an ACL or firewall can be used to restrict remote SSH access
to the node.
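As an added example (not part of the advisory), the following shell functions audit a node for the two default accounts named above and print the remediation commands; the passwd and sshd_config samples are constructed stand-ins for a freshly imaged arm node. Locking with 'passwd -l' before 'userdel -r' is this example's choice, not the advisory's wording.

```shell
#!/bin/sh
# Added example, not code from the AllStarLink advisory: audit a DIAL node for
# the default accounts the advisory names ("pi" on arm, "debian" on x86) and
# print the remediation commands. Sample files below are constructed.

DIAL_DEFAULT_ACCOUNTS="pi debian"

# Print each default account that exists in the given passwd file
# (defaults to /etc/passwd).
find_default_accounts() {
    passwd_file="${1:-/etc/passwd}"
    for acct in $DIAL_DEFAULT_ACCOUNTS; do
        # field 1 of passwd is the login name; -x forces a whole-line match
        if cut -d: -f1 "$passwd_file" | grep -qx "$acct"; then
            echo "$acct"
        fi
    done
}

# Print the commands to lock and then remove each default account found.
# The advisory uses 'passwd -d' (delete password); locking with -l is this
# example's choice so the account never passes through a passwordless state.
remediation_commands() {
    for acct in $(find_default_accounts "$1"); do
        echo "passwd -l $acct"
        echo "userdel -r $acct"
    done
}

# Report "yes" if sshd still permits password logins (sshd's default when the
# directive is absent or commented out), "no" if PasswordAuthentication is no.
sshd_password_auth() {
    cfg="${1:-/etc/ssh/sshd_config}"
    if grep -Eiq '^[[:space:]]*PasswordAuthentication[[:space:]]+no' "$cfg"; then
        echo no
    else
        echo yes
    fi
}

# Constructed sample files: a passwd with the arm default account present and
# an sshd_config that leaves password authentication at its default.
sample_passwd() {
    f=$(mktemp)
    printf 'root:x:0:0:root:/root:/bin/bash\npi:x:1000:1000:,,,:/home/pi:/bin/bash\n' > "$f"
    echo "$f"
}
sample_sshd_config() {
    f=$(mktemp)
    printf 'Port 22\n#PasswordAuthentication yes\n' > "$f"
    echo "$f"
}
```

Run find_default_accounts with no argument on a live node to check /etc/passwd directly; a node with no output has neither default account.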
Exploitation and Public Announcements
A well-known scanning tool has added "allstarlinux" to its exploit
scanning tools. Exploited systems have been found to engage in
bitcoin mining, SIP termination or further scanning.
If a node has been exploited AllStarLink recommends a re-imaging of
the system.
Fixed Releases
Users should upgrade to the current RC1 release.
arm - http://dvswitch.org/files/DIAL/amd64-i386-DIAL-RC1.tar.gz
x86 - http://dvswitch.org/files/DIAL/RAT_RC1.tar.gz
Further notes
The older CentOS-based ACID distribution has not been checked to
determine whether it is affected by this vulnerability. ACID has been
deprecated and unsupported since 2015. All ACID users should
migrate immediately to DIAL.
The AllStarLink app_rpt mailing list provides a discussion forum and
access to the admin and development teams. We encourage all users
to join and participate.
http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
Status of this Notice
This notice provides information for the community. Distribution of
this notice is unlimited.
Copyright
Copyright (C) AllStarLink, Inc (2017). All Rights Reserved.