GNU Servers Hacked, Linux Software May Be Compromised


It warned that the attacker may have inserted malicious code into the free software available for download, including Linux, and posted a set of hashes that users can check against to determine if what they retrieved is clean.

The CERT Coordination Center noted in an advisory posted Wednesday that "because this system serves as a centralized archive of popular software, the insertion of malicious code into the distributed software is a serious threat." At the same time, it reported that there isn't any evidence that the source code posted on the FTP servers was, in fact, compromised.

The Free Software Foundation (FSF), which oversees the GNU Project, has posted a series of checksums, validation numbers generated from source code known not to have been compromised, which users can use to verify what they've downloaded.
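The checksum comparison described above can be scripted. The following is an added example, not code from the FSF or the original article; it assumes a `sha256sum`-style list (`<hex digest>  <filename>` per line) and SHA-256, neither of which the article specifies, and all function and file names are hypothetical. The list itself has to come from a source other than the server being checked.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="sha256", chunk=1 << 16):
    """Hash a file in chunks so large tarballs are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse '<hex digest>  <filename>' lines (assumed layout); malformed lines raise."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        entries[name.lstrip("*")] = digest.lower()  # '*' marks binary mode
    return entries

def verify(manifest_text, directory, algo="sha256"):
    """Return {filename: 'OK' | 'MISMATCH' | 'MISSING'} for each manifest entry."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        # Look only inside the download directory, even if a name has path parts.
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif file_digest(path, algo) == expected:
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results

def demo():
    """Constructed sample: one clean file, one altered after the list was made."""
    with tempfile.TemporaryDirectory() as d:
        files = {"a.tar.gz": b"clean release", "b.tar.gz": b"original"}
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = "".join(f"{file_digest(os.path.join(d, n))}  {n}\n" for n in files)
        manifest += "0" * 64 + "  c.tar.gz\n"  # listed but never downloaded
        with open(os.path.join(d, "b.tar.gz"), "ab") as f:
            f.write(b" + inserted code")  # simulate tampering after publication
        return verify(manifest, d)
```

A `MISMATCH` means the file differs from the one the list was generated from; a `MISSING` entry is reported separately so that an incomplete mirror is not mistaken for a clean one.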

The attack took place in March, but was only discovered in late July. It used an exploit that was revealed on March 17, for which a patch wasn't immediately available. It was during a week's span of vulnerability that the servers were compromised, the FSF said in a statement.

A trojan horse was placed on the system at that time, possibly for password collection and to use the machine for additional attacks, according to the FSF.

This story courtesy of TechWeb.