Critical Warning - ProFTPD 1.3.3c source code compromised

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • roly
    Confirmed User
    • Aug 2002
    • 1844

    #1

    Critical Warning - ProFTPD 1.3.3c source code compromised

    Hi

    it looks like the source code of ProFTPD 1.3.3c has been compromised on the proftp servers as of 28th November until 2nd december. so if you've updated proftp between those dates there's probably a backdoor on your server now.
  • CaptainHowdy
    Too lazy to set a custom title
    • Dec 2004
    • 94733

    #2
    Keepin' the warning on top...

    Comment

    • MasterM
      Confirmed User
      • Oct 2002
      • 248

      #3
      ProFTPD Compromise Report

      On Sunday, the 28th of November 2010 around 20:00 UTC the main
      distribution server of the ProFTPD project was compromised. The
      attackers most likely used an unpatched security issue in the FTP daemon
      to gain access to the server and used their privileges to replace the
      source files for ProFTPD 1.3.3c with a version which contained a backdoor.
      The unauthorized modification of the source code was noticed by
      Daniel Austin and relayed to the ProFTPD project by Jeroen Geilman on
      Wednesday, December 1 and fixed shortly afterwards.

      The fact that the server acted as the main FTP site for the ProFTPD
      project (ftp.proftpd.org) as well as the rsync distribution server
      (rsync.proftpd.org) for all ProFTPD mirror servers means that anyone who
      downloaded ProFTPD 1.3.3c from one of the official mirrors from 2010-11-28
      to 2010-12-02 will most likely be affected by the problem.

      The backdoor introduced by the attackers allows unauthenticated users
      remote root access to systems which run the maliciously modified version
      of the ProFTPD daemon.

      There's more info:

      Users are strongly advised to check systems running the affected code for
      security compromises and compile/run a known good version of the code.
      To verify the integrity of the source files, use the GPG signatures
      available on the FTP servers as well on the ProFTPD homepage at:

      http://www.proftpd.org/md5_pgp.html.

      The MD5 sums for the source tarballs are:

      8571bd78874b557e98480ed48e2df1d2 proftpd-1.3.3c.tar.bz2
      4f2c554d6273b8145095837913ba9e5d proftpd-1.3.3c.tar.gz

      The PGP signatures for the source tarballs are:

      proftpd-1.3.3c.tar.bz2:

      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v1.4.9 (GNU/Linux)

      iEYEABECAAYFAkzLAWYACgkQt46JP6URl2qu3QCcDGXD+fRPOd KMp8fHyHI5d12E
      83gAoPHBrjTFCz4MKYLhH8qqxmGslR2k
      =aLli
      -----END PGP SIGNATURE-----

      proftpd-1.3.3c.tar.gz:

      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v1.4.9 (GNU/Linux)

      iEYEABECAAYFAkzLAW0ACgkQt46JP6URl2ojfQCfXy/hWE8G5mhdhdLpaPUZsofK
      pO8Anj+uP0hQcn1E/CEUddI0mezlSCmg
      =e8el
      -----END PGP SIGNATURE-----

      The PGP key of TJ Saunders has been used to sign the source tarballs;
      it is available via MIT's public keyserver.
      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v1.4.9 (GNU/Linux)

      iEYEARECAAYFAkz23FwACgkQt46JP6URl2pQ3QCfTWAZ8ZTGvr uPD1pRJUpLM3gw
      hUsAoLI4YnmXVgUIVhU2vFWD1rOYffEY
      =3m3x
      -----END PGP SIGNATURE-----

      Comment

      • roly
        Confirmed User
        • Aug 2002
        • 1844

        #4
        back to the top

        Comment

        Working...