A warning has been issued by the developers of ProFTPD, the popular FTP server software, about a compromise of the main distribution server of the software project that resulted in attackers exchanging the offered source files for ProFTPD 1.3.3c with a version containing a backdoor. It is thought that the attackers took advantage of an unpatched security flaw in the FTP daemon in order to gain access to the server.
The version with the backdoor makes it possible for the attackers to gain remote root access to any system that runs the malicious version.
Users who have downloaded the source files during those four days - and other users who would like to know they are completely safe just in case - are urged to download the source files again and run it. [Date: 2 December 2010; Source: http://www.net- security.org/secworld.php?id=10243]
No comments:
Post a Comment