oss-sec mailing list archives
vsftpd download backdoored
From: Solar Designer <solar () openwall com>
Date: Mon, 4 Jul 2011 01:16:27 +0400
Hi, Here's a great example of why maintainers should sign their release tarballs, why distributions should insist on that, and why they should actually check the signatures indeed. I think we should be referring to this when convincing people to do that (I had moderate success so far - some projects started signing their tarballs after my suggestions/requests, some did not). http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html New vsftpd homepage: https://security.appspot.com/vsftpd.html Alexander
Current thread:
- vsftpd download backdoored Solar Designer (Jul 03)
- Re: vsftpd download backdoored Moritz Muehlenhoff (Jul 04)
- Re: vsftpd download backdoored Solar Designer (Jul 04)
- Re: vsftpd download backdoored Eugene Teo (Jul 04)
- Re: vsftpd download backdoored Solar Designer (Jul 04)
- Re: vsftpd download backdoored HD Moore (Jul 04)
- Re: vsftpd download backdoored Solar Designer (Jul 04)
- Re: vsftpd download backdoored HD Moore (Jul 04)
- Re: vsftpd download backdoored Solar Designer (Jul 04)
- Re: vsftpd download backdoored Solar Designer (Jul 04)
- Re: vsftpd download backdoored HD Moore (Jul 04)
- Re: vsftpd download backdoored Solar Designer (Jul 04)
- Re: vsftpd download backdoored Moritz Muehlenhoff (Jul 04)