Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Internet Security Industry News

GNU Project Server Hacked by Intruder

Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

August 15, 2003

The system housing the primary FTP servers for the GNU Software Project has been compromised an intruder, the Free Software Foundation (FSF) announced Thursday, warning that a Trojan horse was also found.

The GNU Project, which is a clearing house for a variety of freely available open-source software, was root compromised sometime in July 2003 but the FSF did not discover the intrusion until the end of the month, according to executive director Bradley Kuhn.

"The modus operandi of the cracker shows that (s)he was interested primarily in using gnuftp to collect passwords and as a launching point to attack other machines. It appears that the machine was cracked using a ptrace exploit by a local user immediately after the exploit was posted," Kuhn explained.

He said the Foundation did a substantial investigation of the server breach but found no evidence that source code was compromised. "The evidence includes the MO of the cracker, the fact that every file we've checked so far isn't compromised, and that searches for standard source trojans turned up nothing," Kuhn added.

However, the Foundation is warning that some files may still be compromised. "Given the nature of the compromise and the length of time the machine was compromised, we have spent the last few weeks verifying the integrity of the GNU source code stored on gnuftp. Most of this work is done, and the remaining work is primarily for files that were uploaded since early 2003, as our backups from that period could also theoretically be compromised," he explained.

Kuhn said the unchecked files will be listed in the project's root directory as 'MISSING-FILES' until trusted secure checksums can be made available.

As a result of the compromise, Kuhn said the Foundation would immediately discontinue local shell access to the FTP server for GNU maintainers. In a separate advisory, the CERT Coordination Center warned that the compromise poses a "serious threat."

"Because this system serves as a centralized archive of popular software, the insertion of malicious code into the distributed software is a serious threat," CERT/CC said, warning that the potential exists for an intruder to have inserted back doors, Trojan horses or other malicious code into the source code distributions of software housed on the compromised system.

CERT/CC is encouraging sites using the GNU software obtained from the compromised system to verify the integrity of their distribution. "Sites that mirror the source code are encouraged to verify the integrity of their sources. We also encourage users to inspect any and all other software that may have been downloaded from the compromised site," the Center added.

Source: Internet News.com


Save Internet Security.ca's URL to the list of your favorite web sites
in your Web browser by clicking here.

Back to the top of the page.         
Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca 2003    Terms of use    Privacy agreement    Legal disclaimer