Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 25 Jan 1999 05:01:54 -0500 (EST)
From:      Peter Philipp <pjp@bsd-daemon.net>
To:        freebsd-security@FreeBSD.ORG
Subject:   FreeBSD Ports and ftp.win.tue.nl
Message-ID:  <Pine.BSF.4.01.9901250444550.1869-100000@bsd-daemon.net>
next in thread | raw e-mail | index | archive | help 
There is confirmed hearsay the ftp.win.tue.nl ftp site was compromised
with backdoors on different packages.  Also it seems that the 
/pub/security archive was removed as stated in the README found at that
site.

There is 3 ports I found at first glance that use this site which is not a
real security hazard if MD5 checksums mismatch but it is possible that
someone uses the NO_CHECKSUM and if those packages were compromised (one
of which was as stated in a CERT and BUGTRAQ advisory) that this could
lead to unforeseen problems.

The ports containing the ftp.win.tue.nl site as a master or secondary site
are (no later than 2.2.8-REL ports distribution):

/usr/ports/print/mp-letter
/usr/ports/security/crack
/usr/ports/security/tcp_wrapper

I think it's fair to warn anyone that caution should be taken with at
least the first port mentioned if it hasn't already been removed.  I did
not check this port either.


Wietse Venema's README at ftp.win.tue.nl below:

<cut>

                                Wietse's archive has moved

-----BEGIN PGP SIGNED MESSAGE-----

Wietse Venema has moved the primary FTP archive for the TCP Wrapper and
other programs to a different location.

The primary archive is now located at

   ftp://ftp.porcupine.org/pub/security/index.html

Wietse Venema expresses his gratitude to his former employer, Eindhoven
University, for making possible the development and distribution of the
TCP Wrapper and other software, and appreciates the support from system
administrators of the department of mathematics and computing science.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBNqlT2dyA8qbVMny5AQGUUAP9HpiIMYCibLwG3gAQ1zCPnbVyg6vgY12/
X0crBZLsNbKjIIGwmPxOYgQfTfssUxlQX5dCKmnkh9u8/iFGo8qbTTUbDFxSvnyC
JNKzsX/fYz82v5jLvhBsEJQfgVT+yy9pL5QeA9e3gjZJaHAtg/zpReuXJko4Gjey
uEyzZ7gz1/g=
=8fYw
:
-----END PGP SIGNATURE-----

<cut>


Peter Philipp (PP2441)
Daemonic Networks
"In theory, theory is the same as practice, but not in practice" - ???



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.01.9901250444550.1869-100000>