[App_rpt-users] To All DIAL Users from AllStarLink Admin Team
Bryan Fields
Bryan at bryanfields.net
Thu Jun 8 18:47:00 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
All DIAL users,
The AllStarLink administrative team has identified a vulnerability in
DIAL. These details are available in a separate notice.
In part to mitigate this, we have identified a way to fix this via the
well known user account. We propose to to script and execute code which
should fix this issue on any nodes connected to the ASL network.
What will this script do?
This script will disable all the "pi" and "debian" users, killall
process running by these users and then logout of the node. Once
this is complete ASL will no longer have remote access to the node.
What if I don't want this done to my node?
Change the login or restrict login via ssh for the pi and debian
users. You may also email the admin team with your node numbers to
opt-out.
Why is the admin team taking these actions?
Why not allow people to fix their own nodes?
The admin team believes most users of DIAL are generally radio users
first, and Linux administrators second. Many may not know what
issues this can cause on their system and the admin team believes
this will mitigate any problems end users may have mitigating this
on their own.
Any user is free to opt-out and respond to this issue in their own
way if they so choose.
What if I'm running ACID?
ACID is unsupported and quite outdated. We encourage all ACID users
to migrate to DIAL.
What if I'm using another distribution or have compiled AllStar from source?
It's likely you're unaffected and have the skills to maintain your
node securely on your own.
What if my box is compromised?
If your node is compromised we suggest a complete re-install.
From the exploits we have seen in the wild, none have root or done
anything other than scanning/bitcoin mining. We have see the
attackers download the asterisk config files so it would be wise to
change any passwords you may have. We suspect this is looking to
exploit SIP call termination for profit.
What if I have questions not answered here?
Please post them to the AllStarLink mailing list.
Note: you must be subscribed to post.
http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
When will this action take place?
The ASL admin team is expecting to do this at 0000 UTC June 10, 2017
Status of this Notice
This notice provides information for the community. Distribution of
this notice is unlimited.
Copyright
Copyright (C) AllStarLink, Inc (2017). All Rights Reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJZOZukAAoJEGE5oGFSxpFAeLEQALpM6xXUBKYPJkg0A2hBvliO
XaacHft445/UHDku6U+1+U3SBXaqePmkjLZHrvW9leXoNxX3uhrqudj/VihYl8t2
O3o+jl056SeQWwwEP10u0dFgUgqcSPpOjl2z8DrKQOJgTp7M/NxCBIJZolaQLih2
AtF/FQWD0BVhml5ngdzq6NwuvSqL/wsf+WgwxKCTjh8zZA6VnRhCgg2+khxD2rgp
TWWnQ6uyLrUijVINyS2U0+TCWobQ+NDkAm6acRXpgPzn63ufvfSrqfEWWEeOlGkq
qxjkrrTg5jZwKvUBruNtqnOt+3TZa4r1vin51VtgRll0pRfUWl6cHPBUHoziM4it
FlJUGLJg1fnqBWOiYi6R58QddK5sffaDO7UTmTJKb6TOGsS86iF4nu2p2TgPJL8z
TxQkaLx7+/3VhJ+6ZlV1T82Ma9bzb+P3WLasRiOPYiazXoQXaKSuaLJ9u/yZKp2r
P03O2KKIZ9pw1a5KikkJvJoCzfOkOTesvYxJPdt5iRffMW9S6wS+M0ixCCjrZF+V
ylCcUjs2lu+dh5PkG7rzY42xKYZLL97YmYEzE8OzmX0m6tK4yN6cgjlFL7/fyCpD
wZN+3d0Nc/PZzRyHE2c71s48yGfT54ZxwEVT319BIyeNd03AMSdrcohod9OHmP2W
snoffMWy6An+zHv8uY0u
=K4be
-----END PGP SIGNATURE-----
More information about the App_rpt-users
mailing list