[ale] Re: util-linux compromised (fwd)
Chris Ricker
kaboom at gatech.edu
Sun Jan 24 11:27:19 EST 1999
That's two trojans on ftp.win.tue.nl that have been discovered recently
(Wietse Venema recently discovered that his tcp wrappers had been as well).
If you've downloaded anything from there lately, I'd look into it a bit
further to make sure it wasn't also compromised.
@#%^! hotmail users! ;-)
later,
chris
--
Chris Ricker kaboom at gatech.edu
chris.ricker at m.cc.utah.edu
---------- Forwarded message ----------
Date: Sun, 24 Jan 1999 14:19:09 +0100 (MET)
From: Andries.Brouwer at cwi.nl
Subject: Re: util-linux compromised
I just received the following letter:
Date: Sun, 24 Jan 1999 04:01:55 -0500 (EST)
From: John Stange <building at cs.umd.edu>
Subject: util-linux compromised?
I grabbed util-linux-2.9g yesterday from win.tue.nl, and discovered a
section of login.c that appears to send the host and uid of the user to a
hotmail address. I imagine this isn't a standard feature. :> Given that
the tcp wrappers archive was backdoored on that same server recently, you
might want to comb over the rest of your stuff as well, if any of it's
yours.
-- John Stange
Staff World, 4120 AVW
x52720
and indeed, util-linux-2.9g had been replaced by a trojan version.
Unfortunately this means that everything from ftp.win.tue.nl
must be regarded as suspect for the moment.
I put a correct util-linux-2.9g.tar.gz back, with md5sum
ab409a6ac5a775a4b04b8e27f6c86933 util-linux-2.9g.tar.gz
but of course, for the time being, nothing on this machine can be trusted.
Andries
More information about the Ale
mailing list