GNU FTP server compromised

Sam Halliday fommil at yahoo.ie
Wed Aug 13 11:50:17 PDT 2003


Matthias Benkmann wrote:
> http://ftp.gnu.org/MISSING-FILES.README

thats pretty scary

i already knew a few days ago that the webserver had been cracked due to an ssh
v1 exploit (btw, i hope everyone has "Protocol 2" set in /etc/ssh/sshd_config
unless they REALLY need v1), but i had no idea about FTP. at the time i reported
some broken links on the webpage, i was given a GPG signed list of md5sums on
the FTP server from a few months ago compared with a list from that day, and
everything matched.

scary,

cheers,
Sam
-- 
If they were so inclined, they could impeach him because they don't like his
necktie.
-- Attorney General William Saxbe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-security/attachments/20030813/57f03efe/attachment.sig>


More information about the lfs-security mailing list