You are not logged in.

#1 2010-06-14 16:25:08

new2arch
Member
Registered: 2008-02-25
Posts: 235

unrealircd package and malware?

Hello all, just stumbled upon http://tinyurl.com/28ktynh and wondered if the Unrealircd package in Community repo is compromised?

Offline

#2 2010-06-14 16:42:14

fsckd
Forum Moderator
Registered: 2009-06-15
Posts: 3,574

Re: unrealircd package and malware?

ATM, does not look like it. Older versions, yes, quite likely.

Last edited by fsckd (2010-06-14 16:43:38)


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#3 2010-06-14 17:16:20

new2arch
Member
Registered: 2008-02-25
Posts: 235

Re: unrealircd package and malware?

fsckd wrote:

ATM, does not look like it. Older versions, yes, quite likely.

But doesn't it mean that at some point the package contained malware which of course was replaced with untainted packages since then..

Offline

#4 2010-06-14 17:22:55

fsckd
Forum Moderator
Registered: 2009-06-15
Posts: 3,574

Re: unrealircd package and malware?

Yes, that's pretty much what I said. If you look at the original forum article, it gives two md5sums:
Backdoored version (BAD) is: 752e46f2d873c1679fa99de3f52a274d
Official version (GOOD) is: 7b741e94e867c0a7370553fd01506c66

Then, look in the PKGBUILD for the current version and you'll see the good md5sum. Look in the PKGBUILD for the previous version and you'll see the bad md5sum. It is probably advised to upgrade ASAP.


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#5 2010-06-14 17:28:35

new2arch
Member
Registered: 2008-02-25
Posts: 235

Re: unrealircd package and malware?

fsckd wrote:

Yes, that's pretty much what I said. If you look at the original forum article, it gives two md5sums:
Backdoored version (BAD) is: 752e46f2d873c1679fa99de3f52a274d
Official version (GOOD) is: 7b741e94e867c0a7370553fd01506c66

Then, look in the PKGBUILD for the current version and you'll see the good md5sum. Look in the PKGBUILD for the previous version and you'll see the bad md5sum. It is probably advised to upgrade ASAP.

Interesting. Thanks.

Offline

#6 2010-06-14 17:29:15

Skripka
Member
From: 2X1280X1024
Registered: 2009-02-19
Posts: 554

Re: unrealircd package and malware?

Has one of you guys reported this to the powers that be?

Offline

#7 2010-06-14 17:38:57

brisbin33
Member
From: boston, ma
Registered: 2008-07-24
Posts: 1,796
Website

Re: unrealircd package and malware?

a thread just went by on arch-general (and aur-general) MLs.

edit:

some of those emails from the ML thread wrote:

the unrealircd version in community (3.2.8.1-2) has been flagged as
containing a backdoor which allows an attacker to execute commands with
the privileges of the user running the daemon.

The md5sum in the PKGBUILD (abs) matches the known-bad md5sum from this
announcement:
http://sourceforge.net/mailarchive/mess … lnscan.org

I've already filed a bug as FS#19780 to the community project, but
given the severity I thought it would be wise to alert a wider audience.

...

On a side-note, Sergej already has published a new pkgrel this afternoon
(2010-06-12 16:40:54 UTC). So the bug is/was already obsolete before I
wrote it. (I should remember to check the website before trusting
supposedly up to date mirrors I guess.) What do we actually need a
-security list for, when maintainers fix vulnerabilities before the are
filed? ;-)

Last edited by brisbin33 (2010-06-14 18:01:45)

Offline

#8 2010-06-14 17:47:48

new2arch
Member
Registered: 2008-02-25
Posts: 235

Re: unrealircd package and malware?

Skripka wrote:

Has one of you guys reported this to the powers that be?

Sorry I don't know how to do that. I noted that Sergej Pupykin is the package maintainer, but I failed to send a PM or make a bug report.

Offline

Board footer

Powered by FluxBB