ftp/proftpd 1.3.3c with a version which contained a backdoor.
Rob Farmer
rfarmer at predatorlabs.net
Thu Dec 2 22:55:06 UTC 2010
On Thu, Dec 2, 2010 at 14:00, Chuck Swiger <cswiger at mac.com> wrote:
> Presumably/hopefully, the proftpd tarball which contained the backdoor would fail to match the distinfo for the port:
>
> SHA256 (proftpd-1.3.3c.tar.bz2) = ea7f02e21f81e6ce79ebde8bbbd334bd269a039ac9137196a35309f791b24db1
> SIZE (proftpd-1.3.3c.tar.bz2) = 4166609
>
> Checking, the tarball you now fetch is the one which matches their md5 and GnuPG signing from the link above...
For several hours on Wednesday the distinfo was updated to the
compromised version (it has been reverted), so anyone who updated this
port recently should check their system.
--
Rob Farmer
More information about the freebsd-ports
mailing list