Slackware :: H Article: Vsftpd Backdoor Discovered In Source Code?
Jul 4, 2011
Before anyone panics, the source tarball for Slackware 13.37 doesn't appear to be the "bad" tarball that Chris Evans mentions here:
[URL]
Code:
$> sha256sum vsftpd-2.3.4.tar.gz
b466edf96437afa2b2bea6981d4ab8b0204b83ca0a2ac94bef6b62b42cc71a5a vsftpd-2.3.4.tar.gz
I checked str.c for the call to vsf_sysutil_extra() if the user is specified as and I also checked for the rogue shellcode in sysdeputil.c but I didn't find it, so it looks like the backdoor was uploaded recently.
[URL]
Quote:
Chris Evans, aka Scary Beasts, has confirmed that version 2.3.4 of vsftpd's downloadable source code was compromised and a backdoor added to the code. Evans, the author of vsftpd - which is described on its web site as "probably the most secure and fastest FTP server for Unix-like systems" - was alerted on Sunday to the fact that a bad tarball had been downloaded from the vsftpd master site with an invalid GPG signature. It is not known how long the bad code had been online.
The bad tarball included a backdoor in the code which would respond to a user logging in with a user name "" by listening on port 6200 for a connection and launching a shell when someone connects. Evans has now moved the source code and site to [URL] a Google App Engine hosted site. The GPL-licensed source code can be downloaded (direct download) from the same site, along with the GPG signature for validating the download, a step that Evans recommends. Evans says that the lack of obfuscation and lack of victim identification leads him to believe that "perhaps someone was just having some lulz instead of seriously trying to cause trouble".
Jan 19, 2011
I need a mixer app called envy24control. Nobody seems to have a Slackware package for it, which would not be a big deal except that I cannot find the source code either! Does anyone know where I can find this thing?
Jan 20, 2010
Just as the title says, where on earth is the source for the setup command during the install? I'm guessing that setup is a script, but I'm not sure (can't find it).
Dec 19, 2010
I am trying to build abcde from slackbuilds.org and include needed packages like id3. When I went to build it I was unable to download the source from [url] and I get a 404 error in Dutch. I was wondering if anyone had this issue or if there was another trusted place to grab the source code? I checked the archives of the slackbuilds-user mailing list to see if the issue is already known, but I didn't see anything.
May 22, 2011
For anyone that doesn't know, Wayland is a compositor, maybe the new X. On Phoronix there is an article that points to Wayland as a successor for X.
Apr 11, 2011
I am already a little bit familiar with Linux and now I want to know the Linux OS better. I have downloaded the source code of the kernel from kernel.org and I don't understand the Linux source tree's organization, so can somebody do me a favor and give me a link to some internet page (or at least a book) that explains that? I have searched the internet with the tag "linux source trees organization" and I have not found anything interesting.
Sep 12, 2010
I want to see the source code of the smplayer software. Where can I see the source code of open source software?
Jun 8, 2010
The version of vsftpd I read is 1.2.1. I find the following code in main.c: struct vsf_sysutil_statbuf* p_statbuf = 0; but I cannot find the definition of this structure. Can anybody here tell me what the definition of the vsf_sysutil_statbuf struct is?
Aug 3, 2009
When I do a yum or an initial load of vsftpd, I get a binary that works. I got the source file "vsftpd-2.0.5-12.el5_3.1.src.rpm" from [URL] to make a change to add chown_upload_mode to version 2.0.5.
With no changes to the source, the program works but does not respond to the service command properly. See [URL]
How do I get the source of vsftpd that matches the binary distribution?
Jan 22, 2011
I have been a newbie to Fedora. Now I think it's time to explore Fedora and learn the "behind the scenes" process. I want to know how to view the source code of the kernel or an application.
Jul 20, 2010
I have been using Linux for 2 months, specifically Ubuntu, and have been wondering where the source code is. Not only do I wonder where the kernel source code is but also where the source code for the installed programs is.
Aug 24, 2009
Where can I find the source code of Fedora's calculator? Do I have to download it from somewhere? Am I able to view it from inside the OS?
Nov 17, 2009
Where can I get a disc for the Fedora 11 source code? I really like this release of Fedora and want to keep it for the future. Also, what's the difference between SRPMs and RPMs? What does an SRPM do when you install it and what is its purpose?
Dec 13, 2009
How can the VLC source code be compiled?
Jul 12, 2010
I have some C source code listings that are not documented or even commented from which I would like to run a program to create a flowchart. I'm not looking for the likes of dia or such which require the user to do the creation please. I've read the posts on this and other forums but have found only user created charts, not from source. From several web searches I know winblows has such programs but I don't want windows on this machine!
Aug 23, 2011
Looking for a guide or thread that explains how to install from source code: what programs I need to install, like php or others, and the steps to compile, make and install the code.
Feb 6, 2010
In what directory do I need to install a tarball containing API libraries in order to import the libraries for programming? I've been trying for a few hours now to get started on my homework - but I need the GLUT api for OpenGL. After attempting to compile a simple test program, I got the error
Code:
glut.h: No such file or directory
First off, I'm not even really sure if OpenGL wasn't included in the original install or if I even need it when programming with GLUT (I truly am clueless, lol). But after reading as much as I could, I've only been able to deduce that I need to install the API libraries somewhere on my disc. So I found the tarball, and there are special instructions for installing on a Linux machine. I found instructions saying to install it in the directory /usr/lib/ but is that right for the SUSE distro? Also, if anybody knows anything about GLUT/OpenGL programming + openSUSE11.2.
Oct 16, 2010
Where can I get the full source code of Ubuntu?
I want to study it and maybe I'll make my own OS in the future.
Mar 27, 2011
How to edit Ubuntu Source code to edit Ubuntu how I want? I know I am legally allowed to modify the code but I do not know how?
Jun 7, 2011
Where can I obtain the source code for Ubuntu 10.04.1 LTS?
Aug 5, 2010
Where to get source code for squid?
Jul 24, 2009
I downloaded wine from a Windows laptop, but because you have to have a computer running Linux to download it as a .deb package, I had to download the source code as a tar.bz2.
Does anyone know how I compile it and make it executable?
Jan 17, 2010
I need the GNU gprof source code. I have searched on the Internet but didn't find it anywhere. Can anyone give me the link for downloading it?
Mar 22, 2011
Is Red Hat Enterprise Linux open source, and if yes, where can I get its source code?
Mar 13, 2011
I am trying to install tightVNC on my iMac. It expects X to be installed; I see X11 in my utilities. I think it is ok, but the instructions state to install it in /usr/bin/. Which is correct? Then I need to have ~JPEG and ~zlib placed in /usr/bin/ or inside of certain folders to use. To make sure it is ok, I put both of them in both of the indicated places. I assume it is going to work. Now, I am supposed to build and install. I am not sure how to do it with the command "xmkmf" and not sure where to run this command. I am doing all of this in the terminal.
Dec 10, 2008
Whenever I have to go through the source of a particular open source project, first I need to find out the actual site or the developer of the project which/who contributes to open source, then I should download the source from that site. Is there any single site where I can download the source of any open source tools or open source projects? For example: if I need to view the source of the tool netstat I should be able to download it from a site (could be tgz, tar.bz2...) and understand the code.
All the packages are maintained in Debian but only as binary packages. Maybe I should look at source packages. Is there anything else available? Please don't say sourceforge.net and freshmeat.com, since they do not maintain all the open source tools running on the Linux platform. I want to view the source of the netstat command but am unable to get the source from anywhere.
Feb 18, 2010
Where do I get the tee command source code?
Sep 10, 2009
I just need to develop a new command for deleting a file in Linux character mode, the same as in Windows: instead of deleting the file, it should move it to a folder named trash. I just started reading the source code of coreutils and need to write code for the new command "delete". I am an MS student with BITS and want to do my dissertation on this. Can anyone help me out?
May 11, 2010
I've tried to use google to find this, and all I find is M$ SAL and some annotation standard for java, neither of which is anything like what I'm looking for.
I am poring over someone else's source code, and want to be able to take notes on it, saving those notes in a separate text file that I can grep, open in a text editor, etc. I want each annotation line to include a line number (or range of lines) so it's easy to know what part of the code it refers to.
I could do this by hand, but it would be nice if a program existed to read and write such a file format. It could be similar to Kompare, only with editable notes on one side and source on the other, linked together with colored bands.
Does such a thing exist?
Cosme Zamudio and I are discussing a possible file format and an Android app - [url]
Jan 19, 2010
Where can I find the top command source code? I got it from "http://procps.sourceforge.net/index.html" but it seems to be for Solaris. Where can I get the source code for the top command running on Linux?