[Sussex] Fwd: [Full-disclosure] VSFTPd backdoor
Stephen Williams
sdp.williams at btinternet.com
Tue Jul 5 10:38:25 UTC 2011
Jacqui,
Particularly of interest to me being a Gentoo fan.
However, it's not installed on any of my boxes:
# emerge -pv vsftpd
These are the packages that would be merged, in order:
Calculating dependencies ... done!
[ebuild N ] net-ftp/ftpbase-0.01-r2
[ebuild N ] net-ftp/vsftpd-2.3.4
I've also noticed a tendency for some windows anti-virus scanners to issue
false alerts for some source code archives. Quite often when I plug my USB HDD
with my Gentoo /usr/portage/distfiles backup into my windows machines running
AVG, they will often complain about some of the source archives being
infected. Naturally I was very worried about this initially, but I found that
anti-virus scanners were not consistent in their detection. Sometimes they
would complain about one file, and after an virus signature update they would
complain about different files.
Steve W.
On Tuesday 05 July 2011 11:05:26 Jacqui Caren-home wrote:
> The dangers of installing from source :-)
>
> file is named "vsftpd-2.3.4.tar.gz"
> and the infection was blamed on the hosting provider!
>
> Jacqui
>
> -------- Original Message --------
> Subject: [Full-disclosure] VSFTPd backdoor
> Date: Mon, 4 Jul 2011 20:45:01 +0200
> From: AD <elhoim at gmail.com>
> To: full-disclosure at lists.grok.org.uk
>
> http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoo
> red.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> --
> Sussex mailing list
> Sussex at mailman.lug.org.uk
> E-mail Address: sussex at mailman.lug.org.uk
> Sussex LUG Website: http://www.sussex.lug.org.uk/
> https://mailman.lug.org.uk/mailman/listinfo/sussex
More information about the Sussex
mailing list