[App_rpt-users] To All DIAL Users from AllStarLink Admin Team
Jim Nessen
nessenj at jimsoffice.org
Thu Jun 8 19:08:04 UTC 2017
Great write up, thank you!
Jim, K6JWN
________________________________________
From: App_rpt-users <app_rpt-users-bounces at lists.allstarlink.org> on behalf of Bryan Fields <Bryan at bryanfields.net>
Sent: Thursday, June 8, 2017 11:47 AM
To: Users of Asterisk app_rpt
Subject: [App_rpt-users] To All DIAL Users from AllStarLink Admin Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
All DIAL users,

The AllStarLink administrative team has identified a vulnerability in
DIAL. These details are available in a separate notice.

In part to mitigate this, we have identified a way to fix this via the
well-known user account. We propose to script and execute code which
should fix this issue on any nodes connected to the ASL network.

What will this script do?
This script will disable all the "pi" and "debian" users, kill all
processes run by these users and then log out of the node. Once
this is complete, ASL will no longer have remote access to the node.

What if I don't want this done to my node?
Change the login or restrict login via ssh for the pi and debian
users. You may also email the admin team with your node numbers to
opt-out.

Why is the admin team taking these actions?
Why not allow people to fix their own nodes?
The admin team believes most users of DIAL are generally radio users
first, and Linux administrators second. Many may not know what
issues this can cause on their system and the admin team believes
this will mitigate any problems end users may have mitigating this
on their own.
Any user is free to opt-out and respond to this issue in their own
way if they so choose.

What if I'm running ACID?
ACID is unsupported and quite outdated. We encourage all ACID users
to migrate to DIAL.

What if I'm using another distribution or have compiled AllStar from source?
It's likely you're unaffected and have the skills to maintain your
node securely on your own.

What if my box is compromised?
If your node is compromised we suggest a complete re-install.
From the exploits we have seen in the wild, none have gained root or done
anything other than scanning/bitcoin mining. We have seen the
attackers download the asterisk config files so it would be wise to
change any passwords you may have. We suspect this is looking to
exploit SIP call termination for profit.

What if I have questions not answered here?
Please post them to the AllStarLink mailing list.
Note: you must be subscribed to post.
http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users

When will this action take place?
The ASL admin team is expecting to do this at 0000 UTC June 10, 2017

Status of this Notice
This notice provides information for the community. Distribution of
this notice is unlimited.

Copyright
Copyright (C) AllStarLink, Inc (2017). All Rights Reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
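
The notice names two ways for a node owner to handle this themselves: change the login, or restrict SSH login for the pi and debian users. The script below is an added example (not part of the original message and not AllStarLink's script) that audits a node for both. Its function names, verdict labels and sample files are constructed for illustration, and it reads only global, exact-name DenyUsers/AllowUsers lines in sshd_config.

```shell
#!/bin/sh
# Audit whether the "pi" and "debian" accounts can still log in to a node.

# account_state SHADOW USER -> prints absent | locked | active
account_state() {
    awk -F: -v u="$2" '
        $1 == u { found = 1
                  # a hash field starting with ! or * matches no password
                  print (($2 ~ /^[!*]/) ? "locked" : "active") }
        END     { if (!found) print "absent" }' "$1"
}

# ssh_blocked SSHD_CONFIG USER -> exit 0 if global DenyUsers/AllowUsers keeps USER out.
# Simplification: exact names only (no patterns or user@host); Match blocks are skipped.
ssh_blocked() {
    awk -v u="$2" '
        /^[ \t]*#/                  { next }
        tolower($1) == "match"      { exit }   # stop before conditional blocks
        tolower($1) == "denyusers"  { for (i = 2; i <= NF; i++) if ($i == u) deny = 1 }
        tolower($1) == "allowusers" { allow = 1
                                      for (i = 2; i <= NF; i++) if ($i == u) listed = 1 }
        END { exit !(deny || (allow && !listed)) }' "$1"
}

# audit_account USER [SHADOW] [SSHD_CONFIG] -> one summary line
audit_account() {
    state=$(account_state "${2:-/etc/shadow}" "$1")
    if ssh_blocked "${3:-/etc/ssh/sshd_config}" "$1"; then ssh=blocked; else ssh=allowed; fi
    case "$state/$ssh" in
        absent/*|*/blocked) verdict=ok ;;
        locked/allowed)     verdict=check-keys ;;  # password locked; key login may still work
        *)                  verdict=review ;;      # login enabled; confirm the password was changed
    esac
    echo "$1 password=$state ssh=$ssh verdict=$verdict"
}

# make_sample DIR: constructed files for a dry run (not taken from a real node)
make_sample() {
    printf '%s\n' 'root:*:17325:0:99999:7:::' \
        'pi:$6$constructed$notarealhash:17325:0:99999:7:::' \
        'debian:!$6$constructed$notarealhash:17325:0:99999:7:::' > "$1/shadow"
    printf '%s\n' '# constructed sshd_config' 'PermitRootLogin no' > "$1/sshd_config"
}

d=$(mktemp -d) && make_sample "$d"
for u in pi debian; do audit_account "$u" "$d/shadow" "$d/sshd_config"; done
rm -rf "$d"
```

On a real node, call `audit_account pi` and `audit_account debian` as root with no file arguments so the functions read /etc/shadow and /etc/ssh/sshd_config.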