sendmail
Sendmail official FTP source distribution trojanized (8.12.6)
The official Sendmail FTP server, ftp.sendmail.org, was compromised and the 8.12.6 .tar.gz and .tar.Z source archives were replaced with trojanized versions; HTTP downloads were not believed affected. The malicious code ran during compilation, connected to spatula.aclue.com (66.37.138.99) on TCP/6667, and opened a shell as the build user, compromising build hosts rather than already-running Sendmail daemons.
- Date: 2002-09-28 to 2002-10-06
- Category: Open Source
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: Compromised Infrastructure
What Was Affected
- Package: sendmail
- Language: C
- Component: Daemon
- Artifact type: source archive
- Domain type: project download host
- Domain: ftp.sendmail.org
Compromised Versions
- 8.12.6
Incident Context
- Motive: Unauthorized Access/Control
- Attribution: Individual Hacker
- Observed Duration: 8 days
Evidence
Compromised Artifacts
- ftp.sendmail.org/pub/sendmail/sendmail.8.12.6.tar.gz
- ftp.sendmail.org/pub/sendmail/sendmail.8.12.6.tar.Z
Indicators and Changes
Hashes
md5:9a7cc87790451590c2e9eb1a8c9df102
Source Data
Source record: oss/sendmail/meta.yaml