[App_rpt-users] To All DIAL Users from AllStarLink Admin Team

Bryan Fields Bryan at bryanfields.net
Thu Jun 8 18:47:00 UTC 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

All DIAL users,

The AllStarLink administrative team has identified a vulnerability in
DIAL.  These details are available in a separate notice.

In part to mitigate this, we have identified a way to fix this via the
well-known user account.  We propose to script and execute code which
should fix this issue on any nodes connected to the ASL network.

What will this script do?

	This script will disable all the "pi" and "debian" users, kill all
	processes run by these users and then log out of the node.  Once
	this is complete ASL will no longer have remote access to the node.

What if I don't want this done to my node?

	Change the login or restrict login via ssh for the pi and debian
	users. You may also email the admin team with your node numbers to
	opt-out.

Why is the admin team taking these actions?
Why not allow people to fix their own nodes?

	The admin team believes most users of DIAL are generally radio users
	first, and Linux administrators second.  Many may not know what
	issues this can cause on their system and the admin team believes
	this will mitigate any problems end users may have mitigating this
	on their own.

	Any user is free to opt-out and respond to this issue in their own
	way if they so choose.

What if I'm running ACID?

	ACID is unsupported and quite outdated.  We encourage all ACID users
	to migrate to DIAL.

What if I'm using another distribution or have compiled AllStar from source?
	
	It's likely you're unaffected and have the skills to maintain your
	node securely on your own.
	
What if my box is compromised?

	If your node is compromised we suggest a complete re-install.
	
	From the exploits we have seen in the wild, none have root or done
	anything other than scanning/bitcoin mining.  We have seen the
	attackers download the asterisk config files so it would be wise to
	change any passwords you may have.  We suspect this is looking to
	exploit SIP call termination for profit.

What if I have questions not answered here?

	Please post them to the AllStarLink mailing list.
	Note: you must be subscribed to post.
	
	http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users

When will this action take place?

	The ASL admin team is expecting to do this at 0000 UTC June 10, 2017

Status of this Notice

   This notice provides information for the community. Distribution of
   this notice is unlimited.

Copyright

   Copyright (C) AllStarLink, Inc (2017).  All Rights Reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
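
For node owners who take the opt-out route described in the notice (changing or restricting login for the pi and debian users), the following is an added example, not part of the original message and not the ASL admin team's script. It reports whether each of those two accounts is still usable, reading a shadow-format file and an sshd_config file. The function name `account_status`, the status labels and the sample data are assumptions made for this example; only exact user names on `DenyUsers` lines are matched, and `AllowUsers` and wildcard patterns are not evaluated.

```shell
#!/bin/sh
# Added example: audit the two default accounts named in the notice.
# File paths are parameters so the check can run against copies.

# account_status USER SHADOW_FILE SSHD_CONFIG
# Prints one of: absent | ssh-denied | password-locked | login-enabled
account_status() {
    user=$1; shadow=$2; sshd=$3
    # Field 2 of a shadow entry is the password hash ("x" marks a found row).
    hash=$(awk -F: -v u="$user" '$1 == u { print "x" $2; exit }' "$shadow")
    [ -n "$hash" ] || { echo absent; return; }
    hash=${hash#x}
    # DenyUsers blocks password and key logins; the keyword is case-insensitive.
    if awk -v u="$user" 'tolower($1) == "denyusers" {
            for (i = 2; i <= NF; i++) if ($i == u) found = 1 }
            END { exit !found }' "$sshd"; then
        echo ssh-denied; return
    fi
    case $hash in
        '!'*|'*'*) echo password-locked ;;  # SSH key logins may still work
        *)         echo login-enabled ;;
    esac
}

# Constructed sample data (not taken from a real node).
demo_dir=$(mktemp -d)
cat > "$demo_dir/shadow" <<'EOF'
root:$6$constructed$hash:17325:0:99999:7:::
pi:$6$constructed$hash:17325:0:99999:7:::
debian:!$6$constructed$hash:17325:0:99999:7:::
EOF
cat > "$demo_dir/sshd_config" <<'EOF'
# DenyUsers pi
PermitRootLogin no
EOF

for u in pi debian; do
    printf '%s: %s\n' "$u" \
        "$(account_status "$u" "$demo_dir/shadow" "$demo_dir/sshd_config")"
done
```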