Re: [pgsql-www] FW: (AUSCERT ESB-2003.0563) CERT Advisory CA-2003-21
From | Darcy Buskermolen |
---|---|
Subject | Re: [pgsql-www] FW: (AUSCERT ESB-2003.0563) CERT Advisory CA-2003-21 |
Date | |
Msg-id | 200308140833.37775.darcy@wavefire.com |
In reply to | Re: [pgsql-www] FW: (AUSCERT ESB-2003.0563) CERT Advisory CA-2003-21 (Justin Clift <justin@postgresql.org>) |
List | pgsql-advocacy |
I have been running ProFTPD (www.proftpd.net) on all my servers for over 5 years now, including ftp3.ca. ProFTPD has Apache-like configuration as well as modular expandability, can be configured to run as a stand-alone daemon or through inetd, and runs as an unprivileged user.

On Wednesday 13 August 2003 23:09, Justin Clift wrote:
> Ouch.
>
> Wu-FTPd has probably the worst track record on the planet for FTP
> vulnerabilities.
>
> :(
>
> There are quite a few others out there. From memory, Red Hat 9 has changed
> to one called "VSFTPd" by default.
>
> Personally, in regards to knowing which FTP server is the best, I'm better
> to leave it to others to figure that one out.
>
> :)
>
> Regards and best wishes,
>
> Justin Clift
>
> The Hermit Hacker wrote:
> > any idea what version of ftp they are/were running? I may be blind, but
> > I don't see it in the announce, and it's not showing up when you ftp into
> > them :( We're running a fairly recent wu-ftpd, but just want to make
> > sure:
> >
> > Version wu-2.6.2(1) Wed Jun 4 18:22:39 GMT 2003
> >
> > On Thu, 14 Aug 2003, Justin Clift wrote:
> >>Hi guys,
> >>
> >>Not sure if people have or haven't seen this already.
> >>
> >>The GNU Project's FTP servers were root compromised some time ago, and it
> >> was only discovered recently.
> >>
> >>:-(
> >>
> >>Regards and best wishes,
> >>
> >>Justin Clift
> >>
> >>>-----Original Message-----
> >>>From: auscert@auscert.org.au
> >>>Sent: Thursday, 14 August 2003 1:59 pm
> >>>To: auscert-subscriber@auscert.org.au
> >>>Subject: (AUSCERT ESB-2003.0563) CERT Advisory CA-2003-21 - GNU Project
> >>> FTP Server Compromise
> >>>
> >>>-----BEGIN PGP SIGNED MESSAGE-----
> >>>
> >>>===========================================================================
> >>> AUSCERT External Security Bulletin Redistribution
> >>>
> >>> ESB-2003.0563 -- CERT Advisory CA-2003-21
> >>> GNU Project FTP Server Compromise
> >>> 14 August 2003
> >>>
> >>>===========================================================================
> >>>
> >>> AusCERT Security Bulletin Summary
> >>> ---------------------------------
> >>>
> >>>Product: GNU Software
> >>>Publisher: CERT/CC
> >>>Impact: Root Compromise
> >>> Execute Arbitrary Code/Commands
> >>>Access Required: Remote
> >>>
> >>>- --------------------------BEGIN INCLUDED TEXT--------------------
> >>>
> >>>- -----BEGIN PGP SIGNED MESSAGE-----
> >>>
> >>>CERT Advisory CA-2003-21 GNU Project FTP Server Compromise
> >>>
> >>> Original issue date: August 13, 2003
> >>> Last revised: --
> >>> Source: CERT/CC
> >>>
> >>> A complete revision history is at the end of this file.
> >>>
> >>>Overview
> >>>
> >>> The CERT/CC has received a report that the system housing the
> >>> primary FTP servers for the GNU software project was compromised.
> >>>
> >>>I. Description
> >>>
> >>> The GNU Project, principally sponsored by the Free Software
> >>> Foundation (FSF), produces a variety of freely available software.
> >>> The CERT/CC has learned that the system housing the primary FTP
> >>> servers for the GNU software project, gnuftp.gnu.org, was root
> >>> compromised by an intruder. The more common host names of ftp.gnu.org
> >>> and alpha.gnu.org are aliases for the same compromised system.
> >>> The compromise is reported to have occurred in March of 2003.
> >>>
> >>> The FSF has released an announcement describing the incident.
> >>>
> >>> Because this system serves as a centralized archive of
> >>> popular software, the insertion of malicious code into the
> >>> distributed software is a serious threat. As the above announcement
> >>> indicates, however, no source code distributions are believed to
> >>> have been maliciously modified at this time.
> >>>
> >>>II. Impact
> >>>
> >>> The potential exists for an intruder to have inserted back
> >>> doors, Trojan horses, or other malicious code into the source
> >>> code distributions of software housed on the compromised system.
> >>>
> >>>III. Solution
> >>>
> >>> We encourage sites using the GNU software obtained from
> >>> the compromised system to verify the integrity of their distribution.
> >>>
> >>> Sites that mirror the source code are encouraged to verify
> >>> the integrity of their sources. We also encourage users to inspect any
> >>> and all other software that may have been downloaded from the
> >>> compromised site. Note that it is not always sufficient to rely on the
> >>> timestamps or file sizes when trying to determine whether or not a
> >>> copy of the file has been modified.
> >>>
> >>>Verifying checksums
> >>>
> >>> The FSF has produced PGP-signed lists of known-good MD5 hashes of
> >>> the software packages housed on the compromised server. These lists can
> >>> be found at
> >>>
> >>> ftp://ftp.gnu.org/before-2003-08-01.md5sums.asc
> >>> ftp://alpha.gnu.org/before-2003-08-01.md5sums.asc
> >>>
> >>> Note that both of these files and the announcement above are signed
> >>> by Bradley Kuhn, Executive Director of the FSF, with the following
> >>> PGP key:
> >>>
> >>>pub 1024D/DB41B387 1999-12-09 Bradley M. Kuhn <bkuhn@fsf.org>
> >>> Key fingerprint = 4F40 645E 46BE 0131 48F9 92F6 E775 E324 DB41 B387
> >>> uid Bradley M. Kuhn (bkuhn99) <bkuhn@ebb.org>
> >>> uid Bradley M. Kuhn <bkuhn@gnu.org>
> >>>sub 2048g/75CA9CB3 1999-12-09
> >>>
> >>> The CERT/CC believes this key to be valid.
> >>>
> >>> As a matter of good security practice, the CERT/CC encourages users
> >>> to verify, whenever possible, the integrity of downloaded software.
> >>> For more information, see IN-2001-06.
> >>>
> >>>Appendix A. - Vendor Information
> >>>
> >>> This appendix contains information provided by vendors for
> >>> this advisory. As vendors report new information to the CERT/CC, we
> >>> will update this section and note the changes in our revision history.
> >>> If a particular vendor is not listed below, we have not received
> >>> their comments.
> >>>
> >>>Free Software Foundation
> >>>
> >>> The current files on alpha.gnu.org and ftp.gnu.org as of 2003-08-02
> >>> have all been verified, and their md5sums and the reasons we believe
> >>> the md5sums can be trusted are in:
> >>>
> >>> ftp://ftp.gnu.org/before-2003-08-01.md5sums.asc
> >>> ftp://alpha.gnu.org/before-2003-08-01.md5sums.asc
> >>>
> >>> We are updating that file and the site as we confirm good md5sums of
> >>> additional files. It is theoretically possible that downloads
> >>> between March 2003 and July 2003 might have been source-compromised, so
> >>> we encourage everyone to re-download sources and compare with the
> >>> current copies for files on the site.
> >>>
> >>>Appendix B. References
> >>>
> >>> * FSF announcement regarding the incident
> >>> - ftp://ftp.gnu.org/MISSING-FILES.README
> >>> * CERT Incident Note IN-2001-06 -
> >>> http://www.cert.org/incident_notes/IN-2001-06.html
> >>> _________________________________________________________________
> >>>
> >>> The CERT/CC thanks Bradley Kuhn and Brett Smith of the Free
> >>> Software Foundation for their timely assistance in this matter.
> >>> _________________________________________________________________
> >>>
> >>> Feedback can be directed to the author: Chad Dougherty.
> >>>
> >>> ______________________________________________________________________
> >>>
> >>> This document is available from:
> >>> http://www.cert.org/advisories/CA-2003-21.html
> >>>
> >>> ______________________________________________________________________
> >>>
> >>>CERT/CC Contact Information
> >>>
> >>> Email: cert@cert.org
> >>> Phone: +1 412-268-7090 (24-hour hotline)
> >>> Fax: +1 412-268-6989
> >>> Postal address:
> >>> CERT Coordination Center
> >>> Software Engineering Institute
> >>> Carnegie Mellon University
> >>> Pittsburgh PA 15213-3890
> >>> U.S.A.
> >>>
> >>> CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5)
> >>> / EDT(GMT-4) Monday through Friday; they are on call for
> >>> emergencies during other hours, on U.S. holidays, and on weekends.
> >>>
> >>>Using encryption
> >>>
> >>> We strongly urge you to encrypt sensitive information sent by
> >>> email. Our public PGP key is available from
> >>> http://www.cert.org/CERT_PGP.key
> >>>
> >>> If you prefer to use DES, please call the CERT hotline for
> >>> more information.
> >>>
> >>>Getting security information
> >>>
> >>> CERT publications and other security information are available
> >>> from our web site
> >>> http://www.cert.org/
> >>>
> >>> To subscribe to the CERT mailing list for advisories and
> >>> bulletins, send email to majordomo@cert.org. Please include in the
> >>> body of your message
> >>>
> >>> subscribe cert-advisory
> >>>
> >>> * "CERT" and "CERT Coordination Center" are registered in the
> >>> U.S. Patent and Trademark Office.
> >>>
> >>> ______________________________________________________________________
> >>>
> >>> NO WARRANTY
> >>> Any material furnished by Carnegie Mellon University and the
> >>> Software Engineering Institute is furnished on an "as is" basis.
> >>> Carnegie Mellon University makes no warranties of any kind, either
> >>> expressed or implied as to any matter including, but not limited to,
> >>> warranty of fitness for a particular purpose or merchantability,
> >>> exclusivity or results obtained from use of the material. Carnegie
> >>> Mellon University does not make any warranty of any kind with
> >>> respect to freedom from patent, trademark, or copyright infringement.
> >>>
> >>> ______________________________________________________________________
> >>>
> >>> Conditions for use, disclaimers, and sponsorship information
> >>>
> >>> Copyright 2002 Carnegie Mellon University.
> >>>
> >>> Revision History
> >>>August 13, 2003: Initial release
> >>>
> >>>- --------------------------END INCLUDED TEXT--------------------
> >>>
> >>>You have received this e-mail bulletin as a result of your
> >>> organisation's registration with AusCERT. The mailing list you are
> >>> subscribed to is maintained within your organisation, so if you do not
> >>> wish to continue receiving these bulletins you should contact your
> >>> local IT manager. If you do not know who that is, please send an email
> >>> to auscert@auscert.org.au and we will forward your request to the
> >>> appropriate person.
> >>>
> >>>This security bulletin is provided as a service to AusCERT's members.
> >>> As AusCERT did not write the document quoted above, AusCERT has had no
> >>> control over its content.
> >>> The decision to follow or act on information
> >>> or advice contained in this security bulletin is the responsibility of
> >>> each user or organisation, and should be considered in accordance with
> >>> your organisation's site policies and procedures. AusCERT takes no
> >>> responsibility for consequences which may arise from following or
> >>> acting on information or advice contained in this security bulletin.
> >>>
> >>>NOTE: This is only the original release of the security bulletin. It
> >>> may not be updated when updates to the original are made. If
> >>> downloading at a later date, it is recommended that the bulletin is
> >>> retrieved directly from the author's website to ensure that the
> >>> information is still current.
> >>>
> >>>Contact information for the authors of the original document is included
> >>>in the Security Bulletin above. If you have any questions or need
> >>> further information, please contact them directly.
> >>>
> >>>Previous advisories and external security bulletins can be retrieved
> >>> from:
> >>>
> >>> http://www.auscert.org.au/render.html?cid=1980
> >>>
> >>>If you believe that your computer system has been compromised or
> >>> attacked in any way, we encourage you to let us know by completing the
> >>> secure National IT Incident Reporting Form at:
> >>>
> >>> http://www.auscert.org.au/render.html?it=3192
> >>>
> >>>Internet Email: auscert@auscert.org.au
> >>>Facsimile: (07) 3365 7031
> >>>Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
> >>> AusCERT personnel answer during Queensland business
> >>> hours which are GMT+10:00 (AEST). On call after hours
> >>> for member emergencies only.
> >>
> >
> > Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
> > Systems Administrator @ hub.org
> > primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
>

--
Darcy Buskermolen
Wavefire Technologies Corp.
ph: 250.717.0200 fx: 250.763.1759
http://www.wavefire.com
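The verification step the advisory describes (compare each mirrored file against the PGP-signed list of known-good MD5 sums), as an added example that is not part of this thread or of the FSF's or CERT/CC's own tooling. It assumes the signature on the md5sums list has already been checked with gpg; the mirror paths and file contents are constructed here, and the tampered file keeps its original size and mtime, which is the point the advisory makes about timestamps and sizes not being sufficient.

```python
import hashlib
import os
import pathlib
import re
import tempfile

MD5SUM_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+\*?(.+)$")

def parse_md5sums(text):
    """Map relative path -> lowercase md5 hex from "<md5>  <path>" lines; other lines are skipped."""
    sums = {}
    for line in text.splitlines():
        m = MD5SUM_LINE.match(line.strip())
        if m:
            sums[m.group(2)] = m.group(1).lower()
    return sums

def md5_of_file(path):
    h = hashlib.md5()  # hashed in 1 MiB chunks so large tarballs are not read into memory at once
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def verify_tree(root, sums):
    """Return {path: 'ok' | 'MISMATCH' | 'missing'} for every entry in the signed list."""
    results = {}
    for rel, expected in sums.items():
        full = pathlib.Path(root, rel)
        results[rel] = ("missing" if not full.is_file()
                        else "ok" if md5_of_file(full) == expected else "MISMATCH")
    return results

def demo():
    """Constructed mirror (assumed names): one file replaced keeping size and mtime, one removed."""
    root = tempfile.mkdtemp()
    originals = {f"gnu/example/example-{v}.tar.gz": f"original tarball {v}".encode()
                 for v in ("1.0", "2.0", "3.0")}
    lines = []
    for rel, data in originals.items():
        p = pathlib.Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
        lines.append(f"{hashlib.md5(data).hexdigest()}  {rel}")  # the "known-good" list
    victim = pathlib.Path(root, "gnu/example/example-2.0.tar.gz")
    mtime = victim.stat().st_mtime
    victim.write_bytes(b"trojaned tarball 2.0")  # same length as "original tarball 2.0"
    os.utime(victim, (mtime, mtime))  # restore mtime: size and timestamp checks would pass
    pathlib.Path(root, "gnu/example/example-3.0.tar.gz").unlink()
    return verify_tree(root, parse_md5sums("\n".join(lines)))
```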