1 |
This is the way HLUG and I caught the trojaned libpcap/tcpdump sources |
2 |
on the home site a while back. (http://www.adamsinfoserv.com/trojan.html) |
3 |
|
4 |
MD5's were good on the mirrors, but failed when downloading from the |
5 |
home site. |
6 |
|
7 |
To be thorough, check the validity of the files you download from |
8 |
multiple sources. Switch mirrors and then force a download from the |
9 |
home site for that package and watch your checksums. |
10 |
|
11 |
Russell |
12 |
|
13 |
On Fri, Dec 05, 2003 at 12:54:07AM -0600, Ryan Voots wrote: |
14 |
> On Fri, 05 Dec 2003 12:31:42 +0600 |
15 |
> "Anuradha Ratnaweera" <ARatnaweera@×××××××.com> Add to Address Book |
16 |
> wrote: |
17 |
> |
18 |
> > On Fri, 2003-12-05 at 11:46, Ryan Voots wrote: |
19 |
> > > > |
20 |
> > > > I tried to emerge gaim, and there was a MD5 mismatch for XFree86 |
21 |
> > > > patches. Wondering if it has got to do with the compromise. |
22 |
> > > |
23 |
> > > while its possible, i dont know if the server also hosted things |
24 |
> regarding distributing files, AFAIK no rsync server does file hosting |
25 |
> also |
26 |
> > |
27 |
> > Was a bit paranoid, if the intruder may have changed both MD5 sum on |
28 |
> the |
29 |
> > rsync server (are they there, at first place?) _and_ the source |
30 |
> tarball |
31 |
> > on the other site, |
32 |
> |
33 |
> the MD5's are sent with the portage tree AFAIK, if you are concered |
34 |
> about that, make sure you do an emerge sync *the affected server is out |
35 |
> of rotation now i believe* |
36 |
> |
37 |
> |
38 |
> -----BEGIN GEEK CODE BLOCK---- |
39 |
> Version: 3.1 |
40 |
> GCS/CM/E/M/S/O d--(-) s:+>:- |
41 |
> a--->-->->>+>++>+++$ C+++>++++$ UL++++>++++$ |
42 |
> P+++>++++$ L++++>++++$ !E-? W++>++$>+++$ |
43 |
> N++>* !o? !K? w--->---$ O-- M-@ !V--? PS+++(++(+((-)))) |
44 |
> PE Y+(++)@ PGP+++(++) t+++>+++$ 5--(-)@ X++@>+++@ |
45 |
> R+(++)@ tv+++@>++@ b+>++ DI++++ D+++@ G+++>++++ |
46 |
> e>+$>++$>+++$>++++$>+++++$ h+>++ r*(--(++))@ !y+>-->->+++@ |
47 |
> -----END GEEK CODE BLOCK----- |
48 |
|
49 |
-- |
50 |
gentoo-security@g.o mailing list |