Events Concerning Cracking of Gnuftp

A root compromise and a Trojan horse were discovered on,
the FTP server of the GNU project. The machine appears to have been
cracked in March 2003, but we only discovered the crack in the last week
of July 2003. The modus operandi of the cracker shows that (s)he was
interested primarily in using gnuftp to collect passwords and as a
launching point to attack other machines. It appears that the machine was
cracked using a ptrace exploit by a local user immediately after the
exploit was posted.



  • Security