Date: Tue, 5 Jul 2011 07:58:39 +0400
From: Solar Designer <solar@...nwall.com>
To: HD Moore <hdm@...italoffense.net>
Cc: oss-security@...ts.openwall.com, scarybeasts@...il.com
Subject: Re: vsftpd download backdoored

On Mon, Jul 04, 2011 at 10:31:07PM -0500, HD Moore wrote:
> Thanks for the CC -- as a guess as to what happened; was this particular
> mirror compromised

What mirror?  As far as I'm aware, from the announcement by Chris, only
the official distribution site for vsftpd was compromised.

> and the original tarball modified (along with its
> mtime) to match the original Feb 15th date?

Maybe.  Do you have a copy of the backdoored tarball?  I don't, and no
one on forums where I saw this discussed appears to have it (which
confirms that it existed for a very short period of time only).

> Does anyone have a "we noticed it first" flag that is before July 3rd?

Not that I know of.

> Debian (and most other repos) are storing the SHA-256/SHA1/MD5 of each
> source package, so a Feb 15 date does seem incredible, but so does the
> complete pwnage of a non-official mirror with the original mtime, at the
> same moment as an official dist server compromise.  A nightly rsync would
> account for this, but we would need to know more about the mirror
> structure from Chris.

Are you trying to say that Debian got the backdoored copy?  This is news
to me.

Thanks,

Alexander
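The point HD Moore raises about repositories storing a digest of each source package is what makes a swapped tarball detectable even when the attacker restores the file's mtime. The script below is an added example, not code from the thread or from the vsftpd or Debian projects: it verifies a directory against a sha256sum(1)-style manifest, then runs a constructed scenario in which a file is modified in place with its original timestamps put back, and shows that the content hash still flags it. The file name and manifest are constructed for the example.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so a large tarball never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse sha256sum(1)-style lines ('<64 hex chars>  <filename>') into a dict.

    Blank lines and '#' comments are skipped; anything else malformed is an error,
    because silently ignoring a bad line would leave a file unverified.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        if not sep or len(digest) != 64 or not name:
            raise ValueError("malformed manifest line: %r" % line)
        expected[name] = digest.lower()
    return expected


def verify_directory(manifest_text, directory):
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every manifest entry.

    Only the recorded digest matters here; mtime and size are deliberately not
    consulted, since both are trivially set by whoever replaced the file.
    """
    results = {}
    for name, digest in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif sha256_file(path) == digest:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def demo_mtime_does_not_help():
    """Constructed scenario (not a real release): record a clean archive in a
    manifest, modify one byte, restore the original timestamps, and re-verify.
    Returns (results_before, results_after, mtime_unchanged)."""
    with tempfile.TemporaryDirectory() as d:
        name = "example-1.0.tar.gz"  # hypothetical file name for the demo
        path = os.path.join(d, name)
        with open(path, "wb") as f:
            f.write(b"clean archive contents\n" * 1000)

        # What a repository would have recorded at upload time.
        manifest = "%s  %s\n" % (sha256_file(path), name)
        before = verify_directory(manifest, d)

        original = os.stat(path)
        # Change a single byte in place, then put the original atime/mtime back,
        # mimicking a replacement that preserves the Feb 15th-style timestamp.
        with open(path, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        os.utime(path, ns=(original.st_atime_ns, original.st_mtime_ns))

        after = verify_directory(manifest, d)
        mtime_unchanged = os.stat(path).st_mtime_ns == original.st_mtime_ns
        return before, after, mtime_unchanged


if __name__ == "__main__":
    before, after, same_mtime = demo_mtime_does_not_help()
    print("before tampering:", before)
    print("after tampering: ", after, "(mtime preserved: %s)" % same_mtime)
```

In practice the manifest has to come from somewhere the attacker could not also rewrite (a signed Release file, a package database, or a copy fetched earlier), which is exactly why a distribution's stored digests are evidence independent of the mirror that served the tarball.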