Feeds

GNU servers ‘owned’ by crackers for months

Source code believed safe

  • alert
  • submit to reddit

Security for virtualized datacentres

Crackers owned the primary file servers of the GNU Project from mid-March until two weeks ago, the Free Software Foundation admitted this week.

The attack raises concerns about whether malicious code could have been inserted in the software available for download, including some Linux applications.

However, evidence suggests no source code distributions were modified as a result of the attack. Current files have all been validated by the FSF, which oversees the GNU Project.

Nonetheless sites using software obtained from the compromised system are urged to verify the integrity of their distribution. FSF is providing software hashes to this end which can be found here.

The attack took place in March using a zero-day exploit, but was only discovered in late July. FSF replaced the compromised machine in early August.

In a statement, the FSF explained: "A root compromise and a Trojan horse were discovered on gnuftp.gnu.org, the FTP server of the GNU project. The machine appears to have been cracked in March 2003, but we only discovered the crack in the last week of July 2003. The modus operandi of the cracker shows that (s)he was interested primarily in using gnuftp to collect passwords and as a launching point to attack other machines."

"It appears that the machine was cracked using a ptrace exploit by a local user immediately after the exploit was posted," it added.

Evidence found on the compromised machine indicates that gnuftp was cracked during the week between the release of the ptrace bug, a root-shell exploit, and the time a working fix for the Linux-kernel was available a week later.

The FSF have tightened up security defences since the attack. Local shell access to the FTP server for GNU maintainers has been withdrawn pending completion of its certification activities.

Security clearing house CERT has also issued an advisory on the attack.

It far from the first time crackers have broken into the web servers of software developers. In May 2001, infamous cracker Fluffy Bunny bragged that he had compromised the systems of the Apache project.

In October 2000, Microsoft's systems were comprehensively compromised by a cracker using the QAZ Trojan. Weeks later Microsoft's core web sites were again 0wn3d in an attack that went beyond the usual Web page defacement. ®

Related Stories

Cowboy cracker nails Apache
Fluffi Bunni nabbed at InfoSec
Microsoft hacker fired
Microsoft hacked again
Microsoft Hack: Warned of weakness three months earlier
How you hack into Microsoft: A step by step guide
MS hacked! Russian mafia swipes WinME source?

Secure remote control for conventional and virtual desktops

More from The Register

next story
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.