ftp/proftpd 1.3.3c with a version which contained a backdoor.

Rob Farmer rfarmer at predatorlabs.net
Thu Dec 2 22:55:06 UTC 2010

On Thu, Dec 2, 2010 at 14:00, Chuck Swiger <cswiger at mac.com> wrote:
> Presumably/hopefully, the proftpd tarball which contained the backdoor would fail to match the distinfo for the port:
> SHA256 (proftpd-1.3.3c.tar.bz2) = ea7f02e21f81e6ce79ebde8bbbd334bd269a039ac9137196a35309f791b24db1
> SIZE (proftpd-1.3.3c.tar.bz2) = 4166609
> Checking, the tarball you now fetch is the one which matches their md5 and GnuPG signing from the link above...

For several hours on Wednesday the distinfo was updated to the
compromised version (it has been reverted), so anyone who updated this
port recently should check their system.

Rob Farmer

More information about the freebsd-ports mailing list