oss-sec mailing list archives

vsftpd download backdoored


From: Solar Designer <solar () openwall com>
Date: Mon, 4 Jul 2011 01:16:27 +0400

Hi,

Here's a great example of why maintainers should sign their release
tarballs, why distributions should insist on that, and why they should
actually check the signatures indeed.

I think we should be referring to this when convincing people to do that
(I had moderate success so far - some projects started signing their
tarballs after my suggestions/requests, some did not).

http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html

New vsftpd homepage:

https://security.appspot.com/vsftpd.html

Alexander

