tcp-wrappers
tcp-wrappers distribution trojanized granting remote root
The official source code distribution tarball for tcp-wrappers version 7.6 (`tcp_wrappers_7.6.tar.gz`) was replaced with a trojaned version on several FTP distribution sites, including the primary site at the time (Eindhoven University). The backdoor provided root access to attackers initiating connections from source port 421 and also sent system information via email upon compilation.
- Date
- 1999-01-21 to 1999-01-22
- Category
- Open Source
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Backdoor
- Cause
- Compromised Infrastructure
What Was Affected
Package
tcp-wrappers
Language
C
Component
Library
Artifact type
source archive
Domain type
project download host
Domain
ftp.win.tue.nl
Compromised Versions
- 7.6
Incident Context
- Motive
- Unauthorized Access/Control
- Attribution
- Individual Hacker
- Transitive
- No
- Observed Duration
- 1 day
Evidence
Compromised Artifacts
- ftp.win.tue.nl/pub/security/tcp_wrappers_7.6.tar.gz
- ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz
Current Artifacts and Analysis
Indicators and Changes
Hashes
md5:3a95175a092f1753a0591bf501ff9d39
External References
Source Data
Source record: oss/tcp-wrappers/meta.yaml