freebsd security - Aug 2003 - NOTICE: [CERT Advisory CA-2003-21 GNU Project FTP Server Compromise]

Hi All

As many may have noticed the GNU Project's FTP server had been compromised
as
outlined in this CERT advisory[1].

I felt the urge to quickly hack together a small perl script to check my
distfiles against the published md5 sums from FSF.

Using this file as reference: ftp://ftp.gnu.org/before-2003-08-01.md5sums.asc
(Check and Verify the PGP signature ![1])

[1] Full CERT advisory : http://www.cert.org/advisories/CA-2003-21.html

-*-*-*-

Attached is a gzipped perl program to check ports/distfiles GNU archives
against the above file and indicate OK or WARNING status.

This script is provided in hope that people may find it useful.

PS: I know already now it has some shortcommings and is not fully regression
tested, but it fullfilled my purposes.

-- 
Chris Larsen

"Make something idiot proof,
 and someone will invent a better idiot."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 447 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030814/f4589d6c/attachment.bin

Hi All

Sorry about this:

1) I could have told myself that sending the script as attachment would not
   make it through mailman

Please find the script here : http://www.babel.dk/home/~vader/scripts/

2) I just verified my signature locally (sent mail) against the one put on the
   mailing list and there is a definitive mismatch. Probably due to mailman
   altering the mail, i hope the signature on this mail will be correct.

Re.

-- 
Chris Larsen

"Make something idiot proof,
 and someone will invent a better idiot."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 447 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030814/4f19e24c/attachment.bin