Chris Evans, aka Scary Beasts, has confirmed that version 2.3.4 of vsftpd's downloadable source code was compromised and a backdoor added to the code. Evans, the author of vsftpd – which is described on its web site as "probably the most secure and fastest FTP server for Unix-like systems" – was alerted on Sunday to the fact that a bad tarball had been downloaded from the vsftpd master site with an invalid GPG signature. It is not known how long the bad code had been online.
The bad tarball included a backdoor in the code which would respond to a user logging in with a user name ":)" by listening on port 6200 for a connection and launching a shell when someone connects.
Evans has now moved the source code and site to https://security.appspot.com/vsftpd.html, a Google App Engine hosted site. The GPL-licensed source code can be downloaded (direct download) from the same site, along with the GPG signature for validating the download, a step that Evans recommends. Evans says that the lack of obfuscation and lack of victim identification leads him to believe that "perhaps someone was just having some lulz instead of seriously trying to cause trouble".


tarball 형태로 제공된 vsftpd의 소스코드에 백도어가 심어진 채 배포 되었다고 리포팅 했습니다.
 
백도어는 ":)" 사용자 이름으로 로그인할수 있도록 6200포트를 오픈하고 리스닝하는 것으로 알려졌습니다.
 
해당 버전인 2.3.4 버전의 tarball 형태 배포소스를 가져다 빌드해서 사용하는 사용자들은 재 다운로드 하여 교체하길 바랍니다.
 

+ Recent posts