Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Russell Adams <RLAdams@...>
Subject: Re: MD5 mismatch for XFree86 patch
Date: Fri, 5 Dec 2003 09:33:32 -0600
This is the way HLUG and I caught the trojaned libpcap/tcpdump sources
on the home site a while back. (http://www.adamsinfoserv.com/trojan.html)

MD5's were good on the mirrors, but failed when downloading from the
home site.

To be thorough, check the validity of the files you download from
multiple sources. Switch mirrors and then force a download from the
home site for that package and watch your checksums.

Russell

On Fri, Dec 05, 2003 at 12:54:07AM -0600, Ryan Voots wrote:
> On Fri, 05 Dec 2003 12:31:42 +0600
> "Anuradha Ratnaweera" <ARatnaweera@...>  Add to Address Book
> wrote:
> 
> > On Fri, 2003-12-05 at 11:46, Ryan Voots wrote:
> > > > 
> > > > I tried to emerge gaim, and there was a MD5 mismatch for XFree86
> > > > patches.  Wondering if it has got to do with the compromise.
> > > 
> > > while its possible, i dont know if the server also hosted things
> regarding distributing files, AFAIK no rsync server does file hosting
> also
> > 
> > Was a bit paranoid, if the intruder may have changed both MD5 sum on
> the
> > rsync server (are they there, at first place?) _and_ the source
> tarball
> > on the other site, 
> 
> the MD5's are sent with the portage tree AFAIK, if you are concered
> about that, make sure you do an emerge sync *the affected server is out
> of rotation now i believe*
> 
> 
> -----BEGIN GEEK CODE BLOCK----
> Version: 3.1
> GCS/CM/E/M/S/O d--(-) s:+>:-
> a--->-->->>+>++>+++$ C+++>++++$ UL++++>++++$
> P+++>++++$ L++++>++++$ !E-? W++>++$>+++$
> N++>* !o? !K? w--->---$ O-- M-@ !V--? PS+++(++(+((-))))
> PE Y+(++)@ PGP+++(++) t+++>+++$ 5--(-)@ X++@>+++@
> R+(++)@ tv+++@>++@ b+>++ DI++++ D+++@ G+++>++++ 
> e>+$>++$>+++$>++++$>+++++$ h+>++ r*(--(++))@ !y+>-->->+++@
> -----END GEEK CODE BLOCK-----

--
gentoo-security@g.o mailing list

Replies:
Re: MD5 mismatch for XFree86 patch
-- Philippe Coulonges
Re: MD5 mismatch for XFree86 patch
-- Ryan Voots
References:
Re: MD5 mismatch for XFree86 patch
-- Ryan Voots
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: MD5 mismatch for XFree86 patch
Next by thread:
Re: MD5 mismatch for XFree86 patch
Previous by date:
Re: MD5 mismatch for XFree86 patch
Next by date:
Re: MD5 mismatch for XFree86 patch


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.