DaemonForums  

#1
14th June 2010
J65nko
Administrator
IRC server had backdoor in source code for months

From http://www.h-online.com/security/new...s-1020987.html

Quote:
The developers of the open source IRC server UnrealIRCd have had to report that the file servers of the project were compromised several months ago and the IRC server's code, Unreal3.2.8.1.tar.gz, was replaced by a version with a backdoor. The backdoor allows anyone to execute commands on the server running UnrealIRCd, with the privileges of the user running the IRC daemon, even if the IRC server is a hub or requires passwords to access it normally. According to the report, the version with the backdoor was apparently placed on file servers in November 2009, but remained unnoticed until now.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#2
15th June 2010
J65nko
Administrator

For an update see http://www.h-online.com/security/new...e-1020987.html
#3
15th June 2010
thirdm
Package Pilot

I noticed that Gentoo, who gets positive coverage in the ;login: article below for the way they sign packages, was at one point serving up the compromised source, while Debian never packaged it, not because signatures or hashes alerted them to irregularities but because certain Debian developers had bad feelings about the reliability of the source. That isn't to pick on Gentoo, but it fits very well with the sort of things you sometimes read in openbsd-ports or Bruce Schneier articles about technological measures versus social factors.

http://www.usenix.org/publications/l...dfs/samuel.pdf

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515130