najpierw irssi teraz bitchx?
Jarosław Kamper
jack w jack.eu.org
Pon, 1 Lip 2002, 20:57:09 CEST
On Mon, Jul 01, 2002 at 07:45:56PM +0200, Łukasz J. Mozer wrote:
> Witajcie.
>
> A few hours ago (1 AM US/Eastern time, July 1) we downloaded
> ircii-pana-1.0c19.tar.gz from ftp.bitchx.com (216.165.191.5) and
> reviewed the configure script before running it. It has essentially
> the same configure backdoor as fragroute-1.2.tar.gz[1] -- a TCP
> connection is made outbound, with a shell bound to it (a reverse
> telnet). This appears to retry/respawn once per hour. The 1.0c19
> tarball at ftp.irc.org (which mirrors bitchx.com) did not appear to be
> trojaned when we pulled from there about an hour later.
>
> http://online.securityfocus.com/archive/1/280009/2002-06-28/2002-07-04/0
>
> Za bugtraq && pl.irc
A dalej jest:
/dist$ md5sum ircii-pana-1.0c19*
46805199254c0fa2119d7c579194aba8 ircii-pana-1.0c19-bitchxorg.tar.gz [bad]
79431ff0880e7317049045981fac8adc ircii-pana-1.0c19-ircorg.tar.gz [good]
/src/ircii-pana-1.0c19-possiblytrojaned$ md5sum */configure
d6444c18b6faf352dfc6ca3bf8cb802a ftp.bitchx.org/configure [bad]
0bd531d523606a0296da2763dafa51f2 ftp.irc.org/configure [good]
A u nas:
[jack w pldworkstation rpm]$ cvs log SOURCES/ircii-pana-1.0c19.tar.gz|grep 79431ff0880e7317049045981fac8adc
79431ff0880e7317049045981fac8adc ircii-pana-1.0c19.tar.gz
Sumy się zgadzają, więc żeby znowu komuś do głowy nie przyszło
bezsensowne usuwanie dobrych źródeł jak z irssi...
--
.:|Jarosław Kamper|:×:|jack w irc.pl|:×:|http://jack.eu.org/|:×:|RLU#165846|:.
Więcej informacji o liście dyskusyjnej pld-devel-pl