|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
12-02-2010, 03:29 AM
|
#1 |
|
Confirmed User
Join Date: Aug 2002
Posts: 1,844
|
Critical Warning - ProFTPD 1.3.3c source code compromised
Hi
it looks like the source code of ProFTPD 1.3.3c has been compromised on the proftp servers as of 28th November until 2nd december. so if you've updated proftp between those dates there's probably a backdoor on your server now. |
|
|
|
12-02-2010, 06:06 AM
|
#2 |
|
Too lazy to set a custom title
Industry Role:
Join Date: Dec 2004
Location: Happy in the dark.
Posts: 93,560
|
Keepin' the warning on top...
|
|
|
|
|
12-02-2010, 06:38 AM
|
#3 |
|
Confirmed User
Join Date: Oct 2002
Location: netherlands
Posts: 248
|
ProFTPD Compromise Report
On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace the source files for ProFTPD 1.3.3c with a version which contained a backdoor. The unauthorized modification of the source code was noticed by Daniel Austin and relayed to the ProFTPD project by Jeroen Geilman on Wednesday, December 1 and fixed shortly afterwards. The fact that the server acted as the main FTP site for the ProFTPD project (ftp.proftpd.org) as well as the rsync distribution server (rsync.proftpd.org) for all ProFTPD mirror servers means that anyone who downloaded ProFTPD 1.3.3c from one of the official mirrors from 2010-11-28 to 2010-12-02 will most likely be affected by the problem. The backdoor introduced by the attackers allows unauthenticated users remote root access to systems which run the maliciously modified version of the ProFTPD daemon. There's more info: Users are strongly advised to check systems running the affected code for security compromises and compile/run a known good version of the code. To verify the integrity of the source files, use the GPG signatures available on the FTP servers as well on the ProFTPD homepage at: http://www.proftpd.org/md5_pgp.html. The MD5 sums for the source tarballs are: 8571bd78874b557e98480ed48e2df1d2 proftpd-1.3.3c.tar.bz2 4f2c554d6273b8145095837913ba9e5d proftpd-1.3.3c.tar.gz The PGP signatures for the source tarballs are: proftpd-1.3.3c.tar.bz2: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEABECAAYFAkzLAWYACgkQt46JP6URl2qu3QCcDGXD+fRPOd KMp8fHyHI5d12E 83gAoPHBrjTFCz4MKYLhH8qqxmGslR2k =aLli -----END PGP SIGNATURE----- proftpd-1.3.3c.tar.gz: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEABECAAYFAkzLAW0ACgkQt46JP6URl2ojfQCfXy/hWE8G5mhdhdLpaPUZsofK pO8Anj+uP0hQcn1E/CEUddI0mezlSCmg =e8el -----END PGP SIGNATURE----- The PGP key of TJ Saunders has been used to sign the source tarballs; it is available via MIT's public keyserver. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkz23FwACgkQt46JP6URl2pQ3QCfTWAZ8ZTGvr uPD1pRJUpLM3gw hUsAoLI4YnmXVgUIVhU2vFWD1rOYffEY =3m3x -----END PGP SIGNATURE----- |
|
|
|
|
12-02-2010, 10:21 AM
|
#4 |
|
Confirmed User
Join Date: Aug 2002
Posts: 1,844
|
back to the top
|
|
|
|
