NOTICE: [CERT Advisory CA-2003-21 GNU Project FTP Server Compromise]
From: Chris Larsen (darth_at_vader.dk)
Date: 08/14/03
- Previous message: Dan Airinen: "Re: Certification (was RE: realpath(3) et al)"
- Next in thread: Chris Larsen: "Re: NOTICE: [CERT Advisory CA-2003-21 GNU Project FTP Server Compromise]"
- Reply: Chris Larsen: "Re: NOTICE: [CERT Advisory CA-2003-21 GNU Project FTP Server Compromise]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 14 Aug 2003 02:22:25 +0200 To: freebsd-security@freebsd.org
Hi All
As many may have noticed the GNU Project's FTP server had been compromised as
outlined in this CERT advisory[1].
I felt the urge to quickly hack together a small perl script to check my
distfiles against the published md5 sums from FSF.
Using this file as reference: ftp://ftp.gnu.org/before-2003-08-01.md5sums.asc
(Check and Verify the PGP signature ![1])
[1] Full CERT advisory : http://www.cert.org/advisories/CA-2003-21.html
-*-*-*-
Attached is a gzipped perl program to check ports/distfiles GNU archives
against the above file and indicate OK or WARNING status.
This script is provided in hope that people may find it useful.
PS: I know already now it has some shortcommings and is not fully regression
tested, but it fullfilled my purposes.
-- Chris Larsen "Make something idiot proof, and someone will invent a better idiot."
- application/pgp-signature attachment: stored
- Previous message: Dan Airinen: "Re: Certification (was RE: realpath(3) et al)"
- Next in thread: Chris Larsen: "Re: NOTICE: [CERT Advisory CA-2003-21 GNU Project FTP Server Compromise]"
- Reply: Chris Larsen: "Re: NOTICE: [CERT Advisory CA-2003-21 GNU Project FTP Server Compromise]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
