FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux General Discussion

 
 
LinkBack Thread Tools
 
Old 06-12-2010, 10:57 PM
Alexander Duscheleit
 
Default unrealircd 3.2.8.1-2 contains backdoor

Hi folks,

the unrealircd version in community (3.2.8.1-2) has been flagged as
containing a backdoor which allows an attacker to execute commands with
the privileges of the user running the daemon.

The md5sum in the PKGBUILD (abs) matches the known-bad md5sum from this
announcement:
http://sourceforge.net/mailarchive/message.php?msg_name=4C134F7E.202%40vulnscan.org

I've already filed a bug as FS#19780 to the community project, but
given the severity I thought it would be wise to alert a wider audience.

Greetings,
Jinks
 
Old 06-12-2010, 11:19 PM
Thomas Bächler
 
Default unrealircd 3.2.8.1-2 contains backdoor

Am 13.06.2010 00:57, schrieb Alexander Duscheleit:
> Hi folks,
>
> the unrealircd version in community (3.2.8.1-2) has been flagged as
> containing a backdoor which allows an attacker to execute commands with
> the privileges of the user running the daemon.
>
> The md5sum in the PKGBUILD (abs) matches the known-bad md5sum from this
> announcement:
> http://sourceforge.net/mailarchive/message.php?msg_name=4C134F7E.202%40vulnscan.org
>
> I've already filed a bug as FS#19780 to the community project, but
> given the severity I thought it would be wise to alert a wider audience.

Maybe you should post to the right list then.

> Greetings,
> Jinks
>
 
Old 06-13-2010, 12:06 AM
Alexander Duscheleit
 
Default unrealircd 3.2.8.1-2 contains backdoor

On Sun, 13 Jun 2010 01:19:02 +0200
Thomas Bächler <thomas@archlinux.org> wrote:

> Am 13.06.2010 00:57, schrieb Alexander Duscheleit:
> >
> > I've already filed a bug as FS#19780 to the community project, but
> > given the severity I thought it would be wise to alert a wider
> > audience.
>
> Maybe you should post to the right list then.
>
Isn't that what I did? From the Arch Linux related lists, this one
seemed the most appropriate I have post access to. Aur-general doesn't
apply, dev-public is read-only, all others don't fit the topic and
there is no -security. So which Arch list would have been better?
 

Thread Tools




All times are GMT. The time now is 07:02 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org