Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
RE: Source code?
by umccullough on Tue 15th Jun 2010 02:01 UTC in reply to "Source code?"
umccullough Member since:
2006-01-26

"All the reports I've read about this so far play it off as a manipulated download file on several mirror sites (and their main site?)."

Replying to myself (to clarify for all) - so it seems only the source tarball they provided for download was compromised.

Their CVS repo was not, and neither were the pre-compiled binary installers for Windows, etc.

Reply Parent Score: 2

RE[2]: Source code?
by lemur2 on Tue 15th Jun 2010 02:29 in reply to "RE: Source code?"
lemur2 Member since:
2007-02-17

"All the reports I've read about this so far play it off as a manipulated download file on several mirror sites (and their main site?).
Replying to myself (to clarify for all) - so it seems only the source tarball they provided for download was compromised. Their CVS repo was not, and neither were the pre-compiled binary installers for Windows, etc."

It is pertinent to note that neither was any code compromised which was actually a part of any GNU/Linux distribution.

Reply Parent Score: 2

RE[3]: Source code? - Gentoo
by jabbotts on Tue 15th Jun 2010 20:09 in reply to "RE[2]: Source code?"
jabbotts Member since:
2007-09-06

Not anymore, Gentoo has already pushed the patched update out to its users.

Reply Parent Score: 2

RE[2]: Source code?
by aesiamun on Tue 15th Jun 2010 04:28 in reply to "RE: Source code?"
aesiamun Member since:
2005-06-29

While the source tarball was tainted, they didn't fix the md5 string file...anyone caring about security would have run an md5sum and compared it to what the original developers put up there as the original md5 sum.

Reply Parent Score: 3
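
The check described in the comment above, as an added example that is not part of the original thread: a shell function that looks up the published MD5 for a downloaded file and fails closed when the entry is missing or malformed. The file names and the `MD5SUMS` list are constructed for the demo, and the function assumes an md5sum-format list with no spaces in file names.

```shell
#!/bin/sh
# verify_download FILE SUMS
# SUMS is a digest list in md5sum format ("<32 hex>  <name>") published by
# the project. Assumption: file names contain no spaces.
# Returns 0 on match, 1 on mismatch, 2 when no usable entry exists.
verify_download() {
    file=$1 sums=$2
    name=$(basename "$file")
    # Published digest for exactly this name ("*name" is md5sum binary mode).
    want=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print tolower($1); exit }' \
        "$sums" 2>/dev/null) || want=
    case $want in
        ""|*[!0-9a-f]*) echo "no valid published digest for $name" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 32 ] || { echo "digest for $name has wrong length" >&2; return 2; }
    got=$(md5sum "$file" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $name matches the published digest"
        return 0
    fi
    echo "MISMATCH: $name published=$want computed=$got" >&2
    return 1
}

# Constructed demo: a stand-in release file and its digest list, then the
# file altered after publication while the digest list stays unchanged.
demo() {
    dir=$(mktemp -d) || return 3
    f=$dir/example-1.0.tar.gz
    printf 'constructed release contents\n' > "$f"
    (cd "$dir" && md5sum example-1.0.tar.gz > MD5SUMS)
    verify_download "$f" "$dir/MD5SUMS" >&2 && before=0 || before=$?
    printf 'bytes added after publication\n' >> "$f"
    verify_download "$f" "$dir/MD5SUMS" >&2 && after=0 || after=$?
    verify_download "$dir/other.tar.gz" "$dir/MD5SUMS" >&2 && missing=0 || missing=$?
    rm -rf "$dir"
    echo "$before $after $missing"   # exit codes: intact, altered, unlisted
}

demo   # prints "0 1 2" on stdout
```

A digest list fetched from the same server as the file only exposes the change when, as in this incident, the list itself was left untouched.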

RE[3]: Source code?
by lemur2 on Tue 15th Jun 2010 04:45 in reply to "RE[2]: Source code?"
lemur2 Member since:
2007-02-17

"While the source tarball was tainted, they didn't fix the md5 string file...anyone caring about security would have run an md5sum and compared it to what the original developers put up there as the original md5 sum."

All done automatically and with better security if you use the package manager system.

Since this package was open source, why didn't they simply submit it to the distributions? That way it would have been part of the various distribution package management systems; as a bonus, the original website would not have had bandwidth worries nor the need to find mirrors, and this incident would have been avoided.

Reply Parent Score: 2