NOTICE: [CERT Advisory CA-2003-21 GNU Project FTP Server Compromise]

From: Chris Larsen (darth_at_vader.dk)
Date: 08/14/03

  • Next message: Chris Larsen: "Re: NOTICE: [CERT Advisory CA-2003-21 GNU Project FTP Server Compromise]"
    Date: Thu, 14 Aug 2003 02:22:25 +0200
    To: freebsd-security@freebsd.org
    
    
    
    

    Hi All

    As many may have noticed the GNU Project's FTP server had been compromised as
    outlined in this CERT advisory[1].

    I felt the urge to quickly hack together a small perl script to check my
    distfiles against the published md5 sums from FSF.

    Using this file as reference: ftp://ftp.gnu.org/before-2003-08-01.md5sums.asc
    (Check and Verify the PGP signature ![1])

    [1] Full CERT advisory : http://www.cert.org/advisories/CA-2003-21.html

    -*-*-*-

    Attached is a gzipped perl program to check ports/distfiles GNU archives
    against the above file and indicate OK or WARNING status.

    This script is provided in hope that people may find it useful.

    PS: I know already now it has some shortcommings and is not fully regression
    tested, but it fullfilled my purposes.

    -- 
    Chris Larsen
    "Make something idiot proof,
     and someone will invent a better idiot."
    
    



  • Next message: Chris Larsen: "Re: NOTICE: [CERT Advisory CA-2003-21 GNU Project FTP Server Compromise]"