util-linux
util-linux source archive trojanized
The util-linux 2.9g source archive was replaced on an official distribution site during the same 1999 advisory window as the tcp-wrappers compromise. The malicious change targeted login code, allowing credential theft and unauthorized command execution after administrators built and installed the package. This is a distinct record from tcp-wrappers, even though both were covered by the same CERT-era warning.
- Date
- 1999-01-21 to 1999-01-22
- Category
- Open Source
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Credential theft
- Cause
- Compromised Infrastructure
What Was Affected
Package
util-linux
LanguageC
ComponentApplication
Artifact typesource archive
Domain typeproject download host
Domain
ftp.win.tue.nl
Repository
github.com/util-linux/util-linux
Compromised Versions
- util-linux 2.9g
Incident Context
- Motive
- Unauthorized Access
- Attribution
- Unknown attacker
- Transitive
- No
- User Impact
- 0
- Observed Duration
- 1 days
Evidence
Compromised Artifacts
External References
Source Data
Source record: oss/attacks/util-linux/meta.yaml