Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 14 Aug 2003 02:22:25 +0200
From:      Chris Larsen <darth@vader.dk>
To:        freebsd-security@freebsd.org
Subject:    NOTICE: [CERT Advisory CA-2003-21 GNU Project FTP Server Compromise]
Message-ID:  <20030814002225.GH436@endor.vader.dk>
Resent-Message-ID: <200308140914.h7E9E8S1072741@endor.vader.dk>
next in thread | raw e-mail | index | archive | help 

--a8sldprk+5E/pDEv
Content-Type: multipart/mixed; boundary="Y+xroYBkGM9OatJL"
Content-Disposition: inline


--Y+xroYBkGM9OatJL
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi All

As many may have noticed the GNU Project's FTP server had been compromised =
as
outlined in this CERT advisory[1].

I felt the urge to quickly hack together a small perl script to check my
distfiles against the published md5 sums from FSF.

Using this file as reference: ftp://ftp.gnu.org/before-2003-08-01.md5sums.a=
sc
(Check and Verify the PGP signature ![1])

[1] Full CERT advisory : http://www.cert.org/advisories/CA-2003-21.html

-*-*-*-

Attached is a gzipped perl program to check ports/distfiles GNU archives
against the above file and indicate OK or WARNING status.

This script is provided in hope that people may find it useful.

PS: I know already now it has some shortcommings and is not fully regression
tested, but it fullfilled my purposes.

--=20
Chris Larsen

"Make something idiot proof,
 and someone will invent a better idiot."

--Y+xroYBkGM9OatJL--

--a8sldprk+5E/pDEv
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----

iQEVAwUBPzrWQZrTOTwTeZOlAQGqzwgAiCf6RXza4b2rctY36uawZfnFizdr8aZW
XPguYA/UNYfxv4UyYlsdkK8jAVV+xtPVy9XQiMgHJ1D6UzZ4tWM86mdFmdZUqts6
c4wp/Q1AYHXy7s8X0kTQmojrRCfKDYgH/QAXwZojwl0TgZRY0yGFSlLzOMDkG3HC
uKxmrMwV2tgbSq4JVVbrCaxdDB4MK4iiT6XC5cncjMqwOpi8Lfqx3fy/lZmnbWqz
rkIkANuMun9veMKg1CbQDYRhQcq4MCjNwVXI78Nr31XaLWUL6oABHLlu+wML75my
rPSLW67EurHbMBPY6e2lO2go8ImH7VZjUiFHk/BP3NUH2YBFr8v/ig==
=6R6J
-----END PGP SIGNATURE-----

--a8sldprk+5E/pDEv--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030814002225.GH436>