GNU FTP server compromised

Sam Halliday fommil at
Wed Aug 13 11:50:17 PDT 2003

Matthias Benkmann wrote:

thats pretty scary

i already knew a few days ago that the webserver had been cracked due to an ssh
v1 exploit (btw, i hope everyone has "Protocol 2" set in /etc/ssh/sshd_config
unless they REALLY need v1), but i had no idea about FTP. at the time i reported
some broken links on the webpage, i was given a GPG signed list of md5sums on
the FTP server from a few months ago compared with a list from that day, and
everything matched.


If they were so inclined, they could impeach him because they don't like his
-- Attorney General William Saxbe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

More information about the lfs-security mailing list