- GNU servers release code '0wn3d' by crackers
- Posted by goat troll on August 15th, 2003
<<Lifted from www.gyges.net>>
Crackers owned the primary file servers of the GNU Project from
mid-January until two weeks ago, the Free Software Foundation admitted
this week. During this time malicious code was inserted into the software
available for download on these servers, including Linux.
Current files have all been validated by the FSF, which oversees the
GNU Project; however, files downloaded before 14th August could well
be compromised. Sites using software obtained from the system are
urged to verify the integrity of their distribution; FSF is providing
software hashes to this end.
The attack took place in March using a zero-day exploit, but was only
discovered yesterday. FSF replaced the compromised machine early
this morning.
In a statement, the FSF explained: "A root compromise and a Trojan
horse were discovered on gnuftp.gnu.org, the FTP server of the GNU
project. The machine appears to have been cracked in March 2003, but
we only discovered the crack yesterday. The modus operandi of the
cracker shows that he was interested in using gnuftp as a distribution
point for software which collects passwords and also as a launching
point to attack other machines."
"It appears that the machine was cracked using a ptrace exploit by a
local user immediately after the exploit was posted," it added.
Evidence found on the compromised machine indicates that gnuftp was
cracked during the week between the release of the ptrace bug, a
root-shell exploit, and the time a working fix for the Linux-kernel
was available a week later.
The FSF have tightened up security defences since the attack. Local
shell access to the FTP server for GNU maintainers has been withdrawn
pending completion of its certification activities.
Security clearing house CERT has also issued an advisory on the
attack.
It is far from the first time crackers have broken into the web servers
of software developers. In May 2005, infamous cracker Fluffy Bunny
bragged that he had compromised the systems of the Apache project.
In October 2000, Microsoft's systems were comprehensively compromised
by a cracker using the QAZ Trojan. Weeks later Microsoft's core web
sites were again 0wn3d in an attack that went beyond the usual Web
page defacement.
- Posted by Nils Petter Vaskinn on August 15th, 2003
On Fri, 15 Aug 2003 03:17:25 -0700, goat troll wrote:
May 2005?
Just pointing it out so that no one that read the OP wastes time trying to
check if any of it is true.
NPV
- Posted by Simon Andrews on August 15th, 2003
Nils Petter Vaskinn wrote:
Unfortunately, at least some of it was true. The GNU project FTP server
was compromised, but there is no evidence that any code was actually
changed.
http://www.cert.org/advisories/CA-2003-21.html
Simon.
- Posted by Steffen Kluge on August 15th, 2003
OH MY GOD! They stole all the GNU sources! What are we going to
do now? Expect pirated copies of the most sought after sources to
appear on warez sites all over the net shortly!
Cheers
Steffen.
- Posted by Alan Connor on August 15th, 2003
On Fri, 15 Aug 2003 15:51:20 GMT, Steffen Kluge <kluge@dotnet.org> wrote:
:-) Stealing free software IS pretty funny. He coulda just asked.
And all anyone had to do to defeat this MasterMindCracker was to check the
md5 sums on any software they downloaded, which anyone with half-a-brain does
anyway.
I'd say that the MasterMindCracker was about as intelligent as the folks on
the website the OP got the article from, that can't even spell or use a
spell-checker. Gotta be WinWeenies for sure. Same for the OP.
Alan C
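The md5 check Alan Connor refers to, written out as an added example (this is not code from the original thread, the FSF or CERT): compare each downloaded file against a published hash list and refuse anything that is missing or mismatched. The sample tarballs and the MD5SUMS list below are constructed; the two hash constants are the MD5 of the string "hello world" and of the empty file. The practitioner's caveat is in the comments: a hash list fetched from the same server that served the files is no protection at all, because whoever rewrote the tarballs could rewrite the list too. It has to come from somewhere else (a mirror, a mailing-list post, or a signed copy verified against a key obtained separately).

```shell
#!/bin/sh
# Added example, not the FSF's tooling: verify downloads against an MD5 list
# that was obtained OUT OF BAND, i.e. not from the host that served the files.
# If the list came from the compromised server it proves nothing, since the
# attacker can regenerate it to match the trojaned tarballs.

# Portable MD5 of one file: prefer coreutils md5sum, fall back to openssl.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# verify_list LISTFILE DIR
# LISTFILE lines look like "<32 hex chars>  <filename>" (md5sum -c format);
# blank lines and lines starting with '#' are ignored.
# Prints one line per entry: OK, MISMATCH or MISSING.
# Returns 0 only if every entry is OK; a MISMATCH or MISSING file returns 1.
verify_list() {
    list=$1; dir=$2; rc=0
    while read -r expected name; do
        [ -z "$expected" ] && continue
        case $expected in \#*) continue ;; esac
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING   $name"; rc=1; continue
        fi
        actual=$(md5_of "$path")
        if [ "$actual" = "$expected" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $expected, got $actual)"; rc=1
        fi
    done < "$list"
    return $rc
}

# --- Constructed sample data (hypothetical packages, not real GNU releases) --
SAMPLE=$(mktemp -d)
printf 'hello world' > "$SAMPLE/foo-1.0.tar.gz"            # pristine download
printf 'hello world\n#trojan\n' > "$SAMPLE/bar-2.1.tar.gz"  # tampered download
: > "$SAMPLE/baz-0.9.tar.gz"                                # empty, untouched
# The list as the maintainer would have published it, computed from the
# pristine files. md5("hello world") and md5("") are fixed constants;
# qux-3.0 is listed but was never downloaded.
cat > "$SAMPLE/MD5SUMS" <<'EOF'
# MD5SUMS for the sample release (constructed)
5eb63bbbe01eeed093cb22bb8f5acdc3  foo-1.0.tar.gz
5eb63bbbe01eeed093cb22bb8f5acdc3  bar-2.1.tar.gz
d41d8cd98f00b204e9800998ecf8427e  baz-0.9.tar.gz
d41d8cd98f00b204e9800998ecf8427e  qux-3.0.tar.gz
EOF

# Expected: foo OK, bar MISMATCH, baz OK, qux MISSING, exit status 1.
verify_list "$SAMPLE/MD5SUMS" "$SAMPLE" || echo "verification FAILED: do not install"
```

The script deliberately treats a missing file the same as a mismatch: a release that the list says should exist but that is not present is a sign the download set is incomplete or was swapped, not something to wave through. The stronger version of this check is a detached signature over the hash list (or over each tarball), verified against a maintainer key you already hold, since then even an attacker who controls the download host cannot produce a list that passes.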
- Posted by Nils Petter Vaskinn on August 18th, 2003
On Fri, 15 Aug 2003 14:16:20 +0200, Peter T. Breuer wrote:
Perhaps, but to be believable the post should have referred to the time
the bragging appeared on usenet not the date on the posts.
The OP also states:
The fact that this hasn't been all over the internet in the last few weeks
doesn't lend credibility to his story either.
Nor did www.gnu.org display any warnings about this on their website.
So Fluffy Bunny may exist, I didn't research that, but I'm pretty sure that
the warning in the OT (original troll) is bogus.
regards
NPV
- Posted by Nils Petter Vaskinn on August 19th, 2003
On Mon, 18 Aug 2003 09:48:43 +0000, Nils Petter Vaskinn wrote:
Well, I was wrong. Apparently the GNU ftp server has been cracked.
I made the false assumption that if this was true the gnu.org site would
have a huge flashing warning on the front page. They didn't, it was in
fact rather small, but it does explain all the facts about the cracking.
So in case anyone took my advice and ignored the OP, I was wrong, sorry.
regards
NPV