mmx
Verified User
Looks like ftp.proftpd.org was compromised and the ProFTPD source code was altered with a backdoor.
Since this was after November 28th (I'm sure DA programmers downloaded a copy of the source way before that) it's still food for thought!
From the security newsletter:
Since this was after November 28th (I'm sure DA programmers downloaded a copy of the source way before that) it's still food for thought!
From the security newsletter:
ProFTPD Compromise Report
On Sunday, the 28th of November 2010 around 20:00 UTC the main
distribution server of the ProFTPD project was compromised. The
attackers most likely used an unpatched security issue in the FTP daemon
to gain access to the server and used their privileges to replace the
source files for ProFTPD 1.3.3c with a version which contained a backdoor.
The unauthorized modification of the source code was noticed by
Daniel Austin and relayed to the ProFTPD project by Jeroen Geilman on
Wednesday, December 1 and fixed shortly afterwards.
The fact that the server acted as the main FTP site for the ProFTPD
project (ftp.proftpd.org) as well as the rsync distribution server
(rsync.proftpd.org) for all ProFTPD mirror servers means that anyone who
downloaded ProFTPD 1.3.3c from one of the official mirrors from 2010-11-28
to 2010-12-02 will most likely be affected by the problem.
The backdoor introduced by the attackers allows unauthenticated users
remote root access to systems which run the maliciously modified version
of the ProFTPD daemon.
Last edited: