[ISN] GNU Project's FTP Servers Hacked

From: InfoSec News (isnat_private)
Date: Fri Aug 15 2003 - 00:58:37 PDT

    http://www.eweek.com/article2/0,3959,1220855,00.asp
    
    By Dennis Fisher
    August 14, 2003 
    
    The system that houses the main FTP servers for the GNU Project has
    been compromised by a cracker who was apparently bent on harvesting
    passwords for a future attack.
    
    The intrusion apparently occurred in March, although officials at the
    Free Software Foundation Inc., which operates the GNU Project, didn't
    discover the compromise until about two weeks ago. They have spent the
    intervening time checking the integrity of all of the GNU source code
    stored on the servers and don't believe that any of the code was
    modified.
    
    The FTP servers at the GNU Project serve as repositories for the
    source code for many of the open-source software projects on the
    Internet. The servers house hundreds of pieces of source code at any
    one time, and GNU Project members are still in the process of
    verifying the MD5 checksums for each file.
    
    The compromise, which affected the "gnuftp.gnu.org" server, was
    apparently accomplished by exploiting a vulnerability in the "ptrace"  
    function in some versions of the Linux kernel, according to a
    statement released by the Boston-based Free Software Foundation. FSF
    officials said the machine appears to have been rooted in the week
    between the discovery of the ptrace flaw and the release of the patch.
    
    "It appears that the machine was cracked using a ptrace exploit by a
    local user immediately after the exploit was posted," the FSF
    statement says.
    
    The foundation has also compiled a list of the files that were on the
    server at the time of the compromise and the reasons why they believe
    that the checksums are valid for each file.
    
    The GNU Project brought a replacement FTP server online on Aug. 2 and
    has withdrawn local shell access to the server until the certification
    of all of the source code files is finished.
    
    GNU is a recursive acronym for GNU's not Unix, and began in 1984 as an
    effort to create a new, free operating system.
    
    
    