Bug 141461 - system files tampered by up2date
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: up2date
Version: 2
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Adrian Likins
QA Contact: Fanny Augustin

Reported: 2004-12-01 05:26 EST by emanuele maiarelli
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2006-04-22 11:18:58 EDT

Attachments:
output of rkhunter v 1.1.8 (5.92 KB, text/plain), 2004-12-01 05:53 EST, emanuele maiarelli
md5sums of downloaded packages (10.03 KB, text/plain), 2004-12-01 05:58 EST, emanuele maiarelli
some rows of 'rpmverify -a' (47.58 KB, text/plain), 2004-12-01 06:31 EST, emanuele maiarelli

Description emanuele maiarelli 2004-12-01 05:26:44 EST
Description of problem:

up2date crashed while updating to kernel-2.6.9-1.6_FC2.
After the crash I ran rkhunter (www.rkhunter.nl) and I got these messages:
/usr/sbin/prelink: /usr/bin/find: at least one of file's dependencies
has changed since prelinking
   /usr/bin/find                                              [ BAD ]
/usr/sbin/prelink: /usr/bin/file: at least one of file's dependencies
has changed since prelinking
   /usr/bin/file                                              [ BAD ]
/usr/sbin/prelink: /usr/bin/kill: at least one of file's dependencies
has changed since prelinking
   /usr/bin/kill                                              [ BAD ]
/usr/sbin/prelink: /usr/bin/killall: at least one of file's
dependencies has changed since prelinking
   /usr/bin/killall                                           [ BAD ]
/usr/sbin/prelink: /usr/bin/lsattr: at least one of file's
dependencies has changed since prelinking
   /usr/bin/lsattr                                            [ BAD ]
/usr/sbin/prelink: /usr/bin/pstree: at least one of file's
dependencies has changed since prelinking
   /usr/bin/pstree                                            [ BAD ]
/usr/sbin/prelink: /usr/bin/sha1sum: at least one of file's
dependencies has changed since prelinking
   /usr/bin/sha1sum                                           [ BAD ]
/usr/sbin/prelink: /usr/bin/stat: at least one of file's dependencies
has changed since prelinking
   /usr/bin/stat                                              [ BAD ]
/usr/sbin/prelink: /usr/bin/users: at least one of file's dependencies
has changed since prelinking
   /usr/bin/users                                             [ BAD ]
/usr/sbin/prelink: /usr/bin/w: at least one of file's dependencies has
changed since prelinking
   /usr/bin/w                                                 [ BAD ]
/usr/sbin/prelink: /usr/bin/watch: at least one of file's dependencies
has changed since prelinking
   /usr/bin/watch                                             [ BAD ]
/usr/sbin/prelink: /usr/bin/who: at least one of file's dependencies
has changed since prelinking
   /usr/bin/who                                               [ BAD ]
/usr/sbin/prelink: /usr/bin/whoami: at least one of file's
dependencies has changed since prelinking
   /usr/bin/whoami                                            [ BAD ]
/usr/sbin/prelink: /bin/mount: at least one of file's dependencies has
changed since prelinking
   /bin/mount                                                 [ BAD ]
   /bin/netstat                                               [ OK ]
/usr/sbin/prelink: /bin/egrep: at least one of file's dependencies has
changed since prelinking
   /bin/egrep                                                 [ BAD ]
/usr/sbin/prelink: /bin/fgrep: at least one of file's dependencies has
changed since prelinking
   /bin/fgrep                                                 [ BAD ]
/usr/sbin/prelink: /bin/grep: at least one of file's dependencies has
changed since prelinking
   /bin/grep                                                  [ BAD ]
/usr/sbin/prelink: /bin/cat: at least one of file's dependencies has
changed since prelinking
   /bin/cat                                                   [ BAD ]
/usr/sbin/prelink: /bin/chmod: at least one of file's dependencies has
changed since prelinking
   /bin/chmod                                                 [ BAD ]
/usr/sbin/prelink: /bin/chown: at least one of file's dependencies has
changed since prelinking
   /bin/chown                                                 [ BAD ]
/usr/sbin/prelink: /bin/env: at least one of file's dependencies has
changed since prelinking
   /bin/env                                                   [ BAD ]
/usr/sbin/prelink: /bin/ls: at least one of file's dependencies has
changed since prelinking
   /bin/ls                                                    [ BAD ]
/usr/sbin/prelink: /bin/su: at least one of file's dependencies has
changed since prelinking
   /bin/su                                                    [ BAD ]
/usr/sbin/prelink: /bin/ps: at least one of file's dependencies has
changed since prelinking
   /bin/ps                                                    [ BAD ]
/usr/sbin/prelink: /bin/dmesg: at least one of file's dependencies has
changed since prelinking
   /bin/dmesg                                                 [ BAD ]
/usr/sbin/prelink: /bin/kill: at least one of file's dependencies has
changed since prelinking
   /bin/kill                                                  [ BAD ]
/usr/sbin/prelink: /bin/login: at least one of file's dependencies has
changed since prelinking
   /bin/login                                                 [ BAD ]
/usr/sbin/prelink: /sbin/chkconfig: at least one of file's
dependencies has changed since prelinking
   /sbin/chkconfig                                            [ BAD ]
/usr/sbin/prelink: /sbin/depmod: at least one of file's dependencies
has changed since prelinking
   /sbin/depmod                                               [ BAD ]
   /sbin/ifconfig                                             [ OK ]
/usr/sbin/prelink: /sbin/insmod: at least one of file's dependencies
has changed since prelinking
   /sbin/insmod                                               [ BAD ]
/usr/sbin/prelink: /sbin/ip: at least one of file's dependencies has
changed since prelinking
   /sbin/ip                                                   [ BAD ]
/usr/sbin/prelink: /sbin/modinfo: at least one of file's dependencies
has changed since prelinking
   /sbin/modinfo                                              [ BAD ]
/usr/sbin/prelink: /sbin/sysctl: at least one of file's dependencies
has changed since prelinking
   /sbin/sysctl                                               [ BAD ]
   /sbin/syslogd                                              [ OK ]
/usr/sbin/prelink: /sbin/init: at least one of file's dependencies has
changed since prelinking
   /sbin/init                                                 [ BAD ]
/usr/sbin/prelink: /sbin/runlevel: at least one of file's dependencies
has changed since prelinking
   /sbin/runlevel                                             [ BAD ]

So I took the md5sum of ps and I got
e922ef5d20053700e207c8e142617731  /bin/ps
while on a stable FC2 I got
3af26558d301a42798dc629a05fe8e3b  /bin/ps
(file sizes are equal but the md5sums differ)

these are md5sum of up2date rpms in /var/spool/up2date/

[root@plinux up2date]# ls -1 *.rpm |xargs -n 1 md5sum

Comment 1 emanuele maiarelli 2004-12-01 05:53:02 EST
Created attachment 107705
output of rkhunter v 1.1.8

rkhunter finds md5sum differences, but doesn't find any known rootkit
Comment 2 emanuele maiarelli 2004-12-01 05:58:42 EST
Created attachment 107706
md5sums of downloaded packages

result of 'ls -1 *.rpm |xargs -n 1 md5sum' executed in /var/spool/up2date
Comment 3 emanuele maiarelli 2004-12-01 06:29:40 EST
Excuse me for the mess of the previous message; I have separated the
text outputs from the message, see attachment.

The actual state of the FC2 is very strange: kde windows are
displayed in a strange manner, the root user name is reported between
pipes (I mean '|r|oot@...'), mainly every system command related to
process handling seems tampered. I say so because these md5sums don't
match the md5sums of another FC2 equally updated (on which rkhunter
doesn't find any strange sum..).

For example on the tampered FC2 the md5sum of /bin/ps is
e922ef5d20053700e207c8e142617731  /bin/ps
on the other FC2 it is
3af26558d301a42798dc629a05fe8e3b  /bin/ps

Is this mess a consequence of the crash (a total freeze of the
system) of up2date, while updating kernel-2.6.9-1.6_FC2.i686.rpm, or,
as I fear, are some of the downloaded rpms tampered/trojaned?

Notice that I have removed kernel-2.6.9-1.6_FC2.i686.rpm (rpm -e),
and the sums are still bad and nothing has changed.

Comment 4 emanuele maiarelli 2004-12-01 06:31:13 EST
Created attachment 107707
some rows of 'rpmverify -a'

everything seems messed up
Comment 5 emanuele maiarelli 2004-12-01 07:05:59 EST
prelink -f /bin/ps
solves the md5sum (for ps)...
the two Fedora md5sums still differ, but the supposedly tampered one changed
md5sum, and now rkhunter doesn't mark it as tampered..

What is going on?
Is it a prelink problem? (caused by the crash?)

Comment 6 emanuele maiarelli 2004-12-01 07:47:45 EST
It really seems to be a prelink problem:

1) I ran rpm -F --force /var/spool/up2date/*.rpm
   and installed some rpms that previously were discarded.

2) I ran prelink -fa and now rkhunter states that everything is ok.
   Still the md5sums of the two FC2 don't match, but I'm starting to
   think that it should not be a problem (prelink rules(?!)...).
   3af26558d301a42798dc629a05fe8e3b  /bin/ps (stable)
 vs
   1fa8c90668a908d25dac4fb0d6b260cd  /bin/ps (disastered)

3) the rpm database seems totally compromised... (I could rebuild it,
   but now it seems simpler to reinstall a fresh FC2 or FC3)

My only hope is that I am right in thinking that the crash is at the
"root" of the problems, and there isn't any tampered/trojaned package
filtered into the up2date networks.

I'd appreciate it if anyone can confirm this.

PS: after prelink no more '|r|oot@...' :)

Comment 7 Adrian Likins 2004-12-02 16:51:13 EST
First thought is the rpm database got corrupted from the up2date
crash.

I'd grab a copy of the rpmdb (/var/lib/rpm/*) then run:

rpm --rebuilddb


Then verify that the versions of packages that the rpm db
claims installed, are actually what's installed. I suspect
the db thinks you have different versions of the packages
installed than what is currently on disk.
Comment 8 emanuele maiarelli 2004-12-04 09:32:22 EST
Thank you for the help,

Yes it's true, after forcing prelinking (that had solved the rkhunter
warnings about md5sum failures), the only problem that remained was the rpm
database corrupted by the crash, and rebuilding as you state solved the
problem.

My question is why the md5sums of the same files on equal systems (two FC2
equally upgraded) don't match?
Is this caused by prelinking or what?
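
Added example, not part of the original thread and not rkhunter's own code: a Python triage of rkhunter output like that in the description, separating [ BAD ] results that carry a prelink "dependencies has changed since prelinking" warning for the same path from [ BAD ] results with no such warning. The sample lines are copied from the report except `/sbin/example-tool`, which is constructed; the function and bucket names are hypothetical.

```python
import re

# Sample input: lines copied from the rkhunter output in the description, with
# the bug tracker's hard line wraps kept. The last entry (/sbin/example-tool)
# is constructed for this example and does not appear in the report.
SAMPLE = """\
/usr/sbin/prelink: /usr/bin/killall: at least one of file's
dependencies has changed since prelinking
   /usr/bin/killall                                           [ BAD ]
/usr/sbin/prelink: /bin/mount: at least one of file's dependencies has
changed since prelinking
   /bin/mount                                                 [ BAD ]
   /bin/netstat                                               [ OK ]
/usr/sbin/prelink: /bin/ps: at least one of file's dependencies has
changed since prelinking
   /bin/ps                                                    [ BAD ]
   /sbin/syslogd                                              [ OK ]
   /sbin/example-tool                                         [ BAD ]
"""

# The prelink message exactly as it appears in the report, capturing the path.
WARNING = re.compile(
    r"prelink: (/\S+): at least one of file's dependencies "
    r"has changed since prelinking"
)
# One rkhunter result: a path followed by its status column.
RESULT = re.compile(r"(/\S+) \[ (OK|BAD) \]")


def triage(report):
    """Sort rkhunter hash results into three buckets.

    ok                    - hash matched
    recheck_after_prelink - BAD, but prelink reported stale prelink data for
                            the same path, so the comparison was not meaningful
    unexplained_mismatch  - BAD with no prelink warning; needs investigation
    """
    # Undo hard wraps and collapse column padding so a warning split across
    # two lines is matched as one string.
    flat = " ".join(report.split())
    stale = set(WARNING.findall(flat))
    buckets = {"ok": [], "recheck_after_prelink": [], "unexplained_mismatch": []}
    for path, status in RESULT.findall(flat):
        if status == "OK":
            buckets["ok"].append(path)
        elif path in stale:
            buckets["recheck_after_prelink"].append(path)
        else:
            buckets["unexplained_mismatch"].append(path)
    return buckets


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(paths)}")
```

A path in `recheck_after_prelink` is not thereby shown to be clean: it needs checking again once the prelink state is consistent, which is what Comments 5 and 6 did with `prelink -f` and `prelink -fa`.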
Comment 9 Josh Bressers 2004-12-06 09:26:07 EST
I'm removing the security severity.  This is not a security issue.
Comment 10 Matthew Miller 2005-04-26 11:36:11 EDT
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Comment 11 David Lawrence 2006-04-18 16:20:58 EDT
NEEDINFO_ENG has been deprecated in favor of NEEDINFO or ASSIGNED. Changing
status to ASSIGNED for ENG review.
Comment 12 John Thacker 2006-04-22 11:18:58 EDT
up2date is no longer shipped with Fedora Core; its functionality
has been replaced by pup, found in the pirut package.  The only fixes
likely to be made to up2date in Red Hat Linux and earlier Fedora Core
versions are security fixes by Fedora Legacy.  This does not seem to
be a security bug, so I'm closing it.

If the problem is appropriate to RHEL and occurs to a user there, it 
can be filed as such.
