|
|
Info |
Last Modified |
| 4 months ago |
|
|
|
|
Description |
Software distributed from various sites may contain a backdoor or malicious code. The issue is due to the distribution site being compromised by an attacker who then modifies the software available to everyone else. By placing a backdoor or other malicious code in the software package, any subsequent downloads may pose a risk to administrators who choose to install the software. This type of attack is extremely difficult to counter given the nature of the internet. In the past, several sites have experienced such an attack. The list included contains known occurrences but is far from exhaustive. The only way to really prevent such attacks is to consistently check the site for news of such attacks and continue to check MD5 sums for all downloads (even though they can be trivially forged under such a scenario).
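As an added illustration (not part of the original entry) of why a checksum hosted on the compromised site can be forged along with the package, the Python below checks a download against the same-site digest and against digests obtained through channels the site does not control. The package bytes, function names, verdict strings and the SHA-256 default are assumptions made for the example; passing "md5" as the algorithm gives the same outcome in this scenario.

```python
import hashlib
import hmac

def file_digest(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of the downloaded bytes."""
    return hashlib.new(algo, data).hexdigest()

def check_download(data, same_site_digest, independent_digests, algo="sha256"):
    """Classify a download (hypothetical helper for this example).

    "site-mismatch": fails even the digest published beside the file
    "unverified":    matches the site digest, nothing independent to compare
    "tampered":      matches the site digest, but an independent digest disagrees
    "ok":            matches the site digest and every independent digest
    """
    actual = file_digest(data, algo)

    def same(published: str) -> bool:
        # Normalise case/whitespace, then compare in constant time.
        return hmac.compare_digest(actual, published.strip().lower())

    if not same(same_site_digest):
        return "site-mismatch"
    if not independent_digests:
        return "unverified"
    return "ok" if all(same(d) for d in independent_digests) else "tampered"

# Constructed sample data: a genuine package and an altered copy of it.
GENUINE = b"constructed-package-1.0 contents\n"
ALTERED = GENUINE + b"# constructed marker standing in for injected code\n"

def demo():
    # Digest recorded out of band before the compromise (constructed; in
    # practice from a signed announcement or a separately operated mirror).
    recorded = file_digest(GENUINE)
    # Whoever controls the site replaces the file AND the digest next to it.
    forged_site_digest = file_digest(ALTERED)
    return (
        check_download(ALTERED, forged_site_digest, []),          # site digest alone
        check_download(ALTERED, forged_site_digest, [recorded]),  # independent digest
        check_download(GENUINE, recorded, [recorded]),
        check_download(ALTERED, recorded, [recorded]),
    )

if __name__ == "__main__":
    print(demo())
```

The first result shows the altered file passing the same-site check, which is the forgery case the description mentions; only the independently recorded digest separates it from the genuine package.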
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Other
Impact:
Loss of Integrity
Exploit:
Exploit Rumored / Private
|
|
Technical |
A list of sites or software distributions known to have been compromised or altered to contain a backdoor or suspect code:
- util-linux 2.9g (Jan 1999)
- wuarchive ftpd (wuftpd) 2.2 and 2.1f (Apr 1994)
- cs-pub.bu.edu IRC clients (summer 1994)
- IRC client (ircII) ircII 2.2.9 (Oct 1994)
- TCP Wrappers 7.6 (Jan 1999)
- apache.org (May 2001)
- sourceforge.net (May 2001)
- libpcap (Nov 2002)
- tcpdump (Nov 2002)
- OpenSSH 3.4p1 (Aug 2002)
- gnuftp.gnu.org (Mar 2003)
- linux kernel 2.6-test9-CVS on kernel.bkbits.net (Nov 2003)
- jabber.org (Feb 2005)
|
|
Solution |
Upgrade to the latest version deemed safe by the site administrator. It is essential that previous versions be completely removed before the new version is installed to guarantee integrity.
|
|
Products |
|
All Products
 |
All Versions |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
|
|
|