irssi
Irssi configure script backdoored
The irssi.org server was cracked, and the official Irssi 0.8.4 source distribution served a modified configure script for about two months. The backdoor compiled into builds made from the poisoned archive and allowed remote access through IRC-triggered behavior. The project disclosed the compromise, restored the site, and released Irssi 0.8.4a with a clean configure script.
- Date
- 2002-03-14 to 2002-05-25
- Category
- Open Source
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Backdoor
- Cause
- Website compromise
What Was Affected
Package
irssi
LanguageShell
ComponentApplication
Artifact typesource archive
Domain typeproject download host
Domain
irssi.org
Repository
github.com/irssi/irssi
Compromised Versions
- irssi 0.8.4
Incident Context
- Motive
- Unauthorized Access
- Attribution
- Unknown attacker
- Transitive
- No
- User Impact
- 0
- Observed Duration
- 72 days
Evidence
Compromised Artifacts
External References
Source Data
Source record: oss/attacks/irssi/meta.yaml