Sunday, December 05, 2010

Compromised ProFTPD

ProFTPD, one of the most popular FTP servers, is known to have been compromised at the source code level. The attacker managed to slip malicious code into the source code, and it has been spreading worldwide. For those who want to see the impact of a compromised package, please have a look on Pastebin. It's a nasty one indeed.

ProFTPD has announced this, and one way to make sure you have the legitimate package is to compare the MD5 hash or PGP signature of your ProFTPD package with the one found on this page. If it's different, it means you got the modified source code. Redownload the proper package and reinstall from it.
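The hash comparison described above, as an added example that is not part of the original post. It assumes the published checksums come in `md5sum` format (`<hash>  <filename>`); the file name is a placeholder and the file contents are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

def md5_of(path, chunk=1 << 16):
    """Hash the file in chunks so a large tarball need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_published(text):
    """Parse md5sum-style lines ('<32 hex>  <filename>') into {filename: digest}."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 32:
            table[parts[1].lstrip("*")] = parts[0].lower()
    return table

def verify(path, published):
    """Return 'OK', 'MISMATCH', 'NOT_LISTED' or 'MISSING' for one downloaded file."""
    name = os.path.basename(path)
    if name not in published:
        return "NOT_LISTED"   # no published hash to compare against
    if not os.path.isfile(path):
        return "MISSING"
    same = hmac.compare_digest(md5_of(path), published[name])
    return "OK" if same else "MISMATCH"

def demo():
    """Constructed data: a stand-in release file and a copy with bytes appended."""
    name = "proftpd-X.Y.Z.tar.gz"  # placeholder file name, not a real release
    good = b"constructed stand-in for the real tarball\n"
    # Assumption: this text was fetched from the project's own page, not the mirror.
    published = parse_published(hashlib.md5(good).hexdigest() + "  " + name + "\n")
    results = []
    for content in (good, good + b"extra bytes slipped in\n"):
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(content)
            results.append(verify(path, published))
    return results

if __name__ == "__main__":
    print(demo())
```

The comparison only means something when the published hash is obtained separately from the download itself; a hash stored next to a tampered file on the same server can be replaced along with it.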

The modification was carried out on the 28th November and discovered and reverted on 1st December. Luckily, the ProFTPD package in Slackware-Current is not affected. I tested it before I posted this blog post.