Slashdot Mirror


Backdoor Found In UnrealIRCd Source Archive

l_bratch writes "A malicious backdoor was added to the UnrealIRCd source archive some time around November 2009. It was not noticed for several months, so many IRC servers are likely to be compromised. A Metasploit exploit already exists."

5 of 174 comments

  1. Re:Remember, kids! by Stupendoussteve · · Score: 5, Informative

    Actually, the hash was not modified from when they posted the true source. Anybody who would have checked it would have recognized that something was wrong.

  2. Re:Open source by tsj5j · · Score: 5, Informative

    Read the original linked source. The source repositories were not compromised; rather, the mirror servers were. The mirror servers had the tarballs replaced with malicious code.

  3. Re:It's nice that they're honest. by Lobachevsky · · Score: 4, Informative

    Closed source software has similar problems with disgruntled employees. The only difference is that the company, when finding the backdoor, quietly fixes it and gags anyone from going to the media about it.

  4. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  5. Re:It's nice that they're honest. by Zigurd · · Score: 4, Informative

    The parent post here found the key fact: If you check the article, in fact it confirms the back door was NOT in the source code. Someone replaced some mirrors, and due to lack of a signature, got away with it for a long time.

    This event does not repudiate the protections of having source code available to inspect, and having project governance that reviews code. It does suggest people should be careful about which mirrors they use and how signatures are checked.
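
The check the comments above describe, as an added example that is not part of the thread or of UnrealIRCd's own tooling: a downloaded archive is compared against the digest listed on the project's primary site, and a copy altered on a mirror fails. SHA-256, the file names and the archive contents are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import io
import tarfile
import tempfile
from pathlib import Path


def file_digest(path, algo="sha256", chunk=1 << 16):
    """Stream the file through the hash so large archives need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, published_hex, algo="sha256"):
    """True only if the archive matches the digest taken from the project's own site."""
    expected = published_hex.strip().lower()
    if len(expected) != hashlib.new(algo).digest_size * 2:
        raise ValueError("published digest has the wrong length for " + algo)
    return hmac.compare_digest(file_digest(path, algo), expected)


def make_tarball(path, files):
    """Write a constructed sample archive from a {name: bytes} mapping."""
    with tarfile.open(path, "w:gz") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))


def demo():
    # Constructed inputs: the release as published, and a mirror copy with one file changed.
    src = {"demo-1.0/main.c": b"int main(void) { return 0; }\n"}
    altered = {"demo-1.0/main.c": src["demo-1.0/main.c"] + b"/* altered on mirror */\n"}
    with tempfile.TemporaryDirectory() as d:
        origin, mirror = Path(d, "origin.tar.gz"), Path(d, "mirror.tar.gz")
        make_tarball(origin, src)
        make_tarball(mirror, altered)
        published = file_digest(origin)  # stands in for the digest on the project site
        return verify_download(origin, published), verify_download(mirror, published)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The digest only helps when it is fetched from somewhere the mirror operator cannot alter; a signature verified against a key obtained separately removes that dependency.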