View Single Post
  #1   (View Single Post)  
Old 6th July 2011
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,503
Default Popular FTP package (vsftp) tarball poisoned


A backdoor has been discovered in the source code of a widely used FTP package.

Version 2.3.4 of the source code for vsftpd – billed as probably the most secure and fastest FTP server for Unix-like systems – was replaced with a compromised version with an invalid signature. The dodgy tarball version of the code was uploaded onto the main download site and available for around three days before the hack was detected by Chris Evans, the author of vsftpd, on Sunday (3 July).
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote