bitchx sources backdoored on distribution site

From: Michał Szwaczko (mikeyat_private)
Date: Sat Apr 12 2003 - 17:45:17 PDT

Next message: drG4njubas: "Web Wiz Site News realease v3.06 administration access."

Previous message: SGI Security Coordinator: "[Full-Disclosure] Multiple Vulnerabilities in BSD LPR Subsystem on IRIX"
Next in thread: Neeko Oni: "Re: bitchx sources backdoored on distribution site"
Reply: Neeko Oni: "Re: bitchx sources backdoored on distribution site"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Can anyone verify that the bitchx 1.0c19 sources are backdoored.
The configure script contains the following code which I think is a shell daemon.
Perhaps I am making fool of myself right now since I am not a security guru but this looks weird. 
Can you verify ?

If this is true, then the host that will get the shell is smtp.wia.com which is an alias of
ftp2.bitchx.org. 

Attached is the code fragment I found in configure 
What do you think ? 

ps. after having run configure the code fragment disappears from the script. 

-- 
Michał 'Mikey' Szwaczko
Developer/Troubleshooter

You're using a keyboard!  How quaint!

text/plain attachment: configure.c

Next message: drG4njubas: "Web Wiz Site News realease v3.06 administration access."
Previous message: SGI Security Coordinator: "[Full-Disclosure] Multiple Vulnerabilities in BSD LPR Subsystem on IRIX"
Next in thread: Neeko Oni: "Re: bitchx sources backdoored on distribution site"
Reply: Neeko Oni: "Re: bitchx sources backdoored on distribution site"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 14 2003 - 10:35:52 PDT