---

Home Security

util-linux-2.9g compromised

By

As posted by Andries Brouwer to C.O.L.A., January 24, 1999 and
also on linux-kernel.

I just learned that
ftp://ftp.win.tue.nl/pub/linux/util/util-linux-2.9g.tar.gz
has been compromised

(so that 1. It gives anybody who logs in with name #!sh
a root shell, and 2. It mails usernames and passwords
to wlogain@hotmail.com).

Probably you do not want to use this enhanced version.
The original version has been put back.
It has md5sum
ab409a6ac5a775a4b04b8e27f6c86933  util-linux-2.9g.tar.gz

I am not aware of anything else that was changed, but
of course this means for the time being that anything
found on this machine must be regarded as suspect.

Andries - aeb@cwi.nl


[PS I would be interested in finding precisely when
this was done. If you got a non-corrupt version
recently, could you mail me date and time?]

An independent
announcement by Andries Brouwer of the util-linux security
breach was posted to the linux-kernel list and is published on
LWN/daily.

Complete Story
Previous article
Next article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.