Old 08-25-2008, 08:34 AM
"SCHAER Frederic"
 
Default corrupted ISOs, or wrong SHA1SUMs ?? *WARNING*

Hi All,

While I thank you for your answers, I'd just like to add that I'm no Linux beginner...

I just downloaded yet another *2* DVD images directly from Linux :
- one using http://mirrors.fedoraproject.org/mirrorlist?path=pub/fedora/linux/releases/9/Fedora/x86_64/iso/Fedora-9-x86_64-DVD.iso&country=FR&redirect=1
- the other one using the URL in my firefox download history : ftp://fr2.rpmfind.net//linux/fedora/releases/9/Fedora/x86_64/iso/Fedora-9-x86_64-DVD.iso

And you know what ?? 1st DVD image is correct, and second *IS incorrect*.
These files differ ! And based on the SHA1SUM, I'm tempted to say the rpmfind one is corrupted.

I tried to see what are the binary differences between the 2 files : it looks like there is only one little difference :

File that is OK :

1AC4 3670: 8D CF 19 56 0A C6 AF 36 80 B3 38 94 05 F8 34 04
1AC4 3680: BA 4F 07 4C 9A E1 D3 01 8D 77 AC 3A BE D9 7B B5
1AC4 3690: 07 56 0D 9A A0 4D 2A 1C 7A C3 BE 80 EA 77 1B 94
1AC4 36A0: BA A1 77 98 7E 32 84 99 BB 43 67 0E 6C D8 00 A3

Files that are *NOT* OK :
Windows one :

1AC4 3670: 8D CF 19 56 0A C6 AF 36 80 B3 38 94 05 F8 34 05
1AC4 3680: 3A 4F 5F 4C 82 E1 AA 81 85 77 AD F2 BC D7 7B 99
1AC4 3690: 07 51 ED 98 B8 4F 48 1C 8E 43 81 80 EA 77 1B 94
1AC4 36A0: BA A1 77 98 7E 32 14 99 BB 43 67 0E 6C D8 00 A3

Linux one :
1AC4 3670: 8D CF 19 56 0A C6 AF 36 80 B3 38 94 05 F8 34 04
1AC4 3680: BA 4F 07 4C 9A E1 D3 01 8D 77 AC 3A BE D9 7B B5
1AC4 3690: 07 56 0D 9A A0 4D 2A 1C 7A C3 BE 80 EA 77 1B 94
1AC4 36A0: BA A1 77 98 7E 32 84 99 BB 43 67 0E 6C D8 00 A3

That's the only difference vbindiff could find... and as you can see, 2 different differences are at the same address.

Now comes the warning and the question: is this a hack ???

There's no more windows/cygwin question here... Is there any fedora security guy who could assure me ISOs were not modified (and who could explain those differences) ? Is there another (security ?) list that should be contacted regarding this subject ?

Thanks

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
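
Added example, not part of the original thread: a sketch of the comparison described in the post above. It streams two downloaded images once, computes the SHA-1 of each to check against the published SHA1SUM entry, and reports the byte regions where the copies differ. The function names, the `gap` merge parameter, the file names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def compare_images(path_a, path_b, chunk=1 << 20, gap=64):
    """Stream both files once; return (sha1_a, sha1_b, differing [start, end) regions)."""
    h_a, h_b, regions, offset = hashlib.sha1(), hashlib.sha1(), [], 0

    def mark(lo, hi):  # record differing bytes [lo, hi), merging runs separated by <= gap
        if regions and lo - regions[-1][1] <= gap:
            regions[-1][1] = hi
        else:
            regions.append([lo, hi])

    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(chunk), fb.read(chunk)
            if not a and not b:
                break
            h_a.update(a)
            h_b.update(b)
            if a != b:  # only walk byte by byte inside chunks that differ
                n = min(len(a), len(b))
                for i in range(n):
                    if a[i] != b[i]:
                        mark(offset + i, offset + i + 1)
                if len(a) != len(b):  # truncated download: the missing tail differs
                    mark(offset + n, offset + max(len(a), len(b)))
            offset += max(len(a), len(b))
    return h_a.hexdigest(), h_b.hexdigest(), [tuple(r) for r in regions]

def demo(chunk=4096):
    """Constructed sample: a 16 KiB stand-in image and a copy with three altered bytes."""
    good = bytes(range(256)) * 64
    bad = bytearray(good)
    for off in (0x367F, 0x3680, 0x3682):  # constructed offsets, not taken from the thread
        bad[off] ^= 0x80
    expected = hashlib.sha1(good).hexdigest()  # stands in for the published SHA1SUM entry
    with tempfile.TemporaryDirectory() as d:
        pa, pb = os.path.join(d, "mirror_a.iso"), os.path.join(d, "mirror_b.iso")
        for path, data in ((pa, good), (pb, bad)):
            with open(path, "wb") as f:
                f.write(data)
        sha_a, sha_b, regions = compare_images(pa, pb, chunk)
    return sha_a == expected, sha_b == expected, regions

if __name__ == "__main__":
    print(demo())
```

The digest comparison only tells you which copy matches the published value; the SHA1SUM file itself has to come from a trusted source and have its signature verified for that match to mean anything.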
 
Old 08-25-2008, 10:31 AM
Mogens Kjaer
 
Default corrupted ISOs, or wrong SHA1SUMs ?? *WARNING*

SCHAER Frederic wrote:
> Hi All,
>
> While I thank you for your answers, I'd just like to add that I'm no
> Linux beginner...
>
> I just downloaded yet another *2* DVD images directly from Linux : -
> one using
> http://mirrors.fedoraproject.org/mirrorlist?path=pub/fedora/linux/releases/9/Fedora/x86_64/iso/Fedora-9-x86_64-DVD.iso&country=FR&redirect=1
> - the other one using the URL in my firefox download history :
> ftp://fr2.rpmfind.net//linux/fedora/releases/9/Fedora/x86_64/iso/Fedora-9-x86_64-DVD.iso
>
I can confirm that the ISO on fr2.rpmfind.net is bad.

However:

I've fetched a good and a bad DVD, loopmounted both, and
did a

# diff -urN /mnt/good /mnt/bad

and one file differs:

Binary files good/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm and bad/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm differ

Testing the signatures:

mk@mk>rpm --checksig /mnt/good/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm
/mnt/good/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
mk@mk>rpm --checksig /mnt/bad/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm
/mnt/bad/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm: (sha1) dsa sha1 MD5 GPG NOT OK

So what's in eclipse-pde?

It doesn't look "dangerous" to me - now if it were openssh AND
had a good signature things would be different...

Mogens

--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: mk@crc.dk Homepage: http://www.crc.dk

 
Old 08-25-2008, 11:26 AM
"SCHAER Frederic"
 
Default corrupted ISOs, or wrong SHA1SUMs ?? *WARNING*

Ah great, thanks a lot for this check

I hadn't yet thought about diff'ing the 2 DVD trees...
OK, doesn't look bad to me either, I prefer that.

Thanks again :]

>-----Original Message-----
>From: fedora-list-bounces@redhat.com [mailto:fedora-list-bounces@redhat.com]
>On behalf of Mogens Kjaer
>Sent: Monday, 25 August 2008 12:32
>To: For users of Fedora
>Subject: Re: corrupted ISOs, or wrong SHA1SUMs ?? *WARNING*
>
>SCHAER Frederic wrote:
>> Hi All,
>>
>> While I thank you for your answers, I'd just like to add that I'm no
>> Linux beginner...
>>
>> I just downloaded yet another *2* DVD images directly from Linux : -
>> one using
>>
>http://mirrors.fedoraproject.org/mirrorlist?path=pub/fedora/linux/releases/
>9/Fedora/x86_64/iso/Fedora-9-x86_64-DVD.iso&country=FR&redirect=1
>> - the other one using the URL in my firefox download history :
>> ftp://fr2.rpmfind.net//linux/fedora/releases/9/Fedora/x86_64/iso/Fedora-
>9-x86_64-DVD.iso
>>
>I can confirm that the ISO on fr2.rpmfind.net is bad.
>
>However:
>
>I've fetched a good and a bad DVD, loopmounted both, and
>did a
>
># diff -urN /mnt/good /mnt/bad
>
>and one file differs:
>
>Binary files good/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm and
>bad/Packages/
>eclipse-pde-3.3.2-11.fc9.x86_64.rpm differ
>
>Testing the signatures:
>
>mk@mk>rpm --checksig /mnt/good/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm
>/mnt/good/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm: (sha1) dsa sha1
>md5 gpg OK
>mk@mk>rpm --checksig /mnt/bad/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm
>/mnt/bad/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm: (sha1) dsa sha1
>MD5 GPG NOT OK
>
>So what's in eclipse-pde?
>
>It doesn't look "dangerous" to me - now if it were openssh AND
>had a good signature things would be different...
>
>Mogens
>
>--
>Mogens Kjaer, Carlsberg A/S, Computer Department
>Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
>Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
>Email: mk@crc.dk Homepage: http://www.crc.dk
>
>--
>fedora-list mailing list
>fedora-list@redhat.com
>To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
