unrealircd
UnrealIRCd distribution tarball backdoored for RCE
The official UnrealIRCd 3.2.8.1 distribution tarball was replaced with a backdoored version on official download infrastructure and remained exposed for months. The hidden source change allowed arbitrary command execution with the privileges of the IRC daemon when a client sent the AB;COMMAND; trigger. The DailyDave thread preserved attacker-side context and a compact Python exploit for the same trigger.
- Date: 2009-11-01 to 2010-06-12
- Category: Open Source
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: Compromised Infrastructure
What Was Affected
- Package: unrealircd
- Language: C
- Component: Daemon
- Artifact type: source archive
- Domain type: project download host
- Domain: unrealircd.org
Compromised Versions
- 3.2.8.1
Incident Context
- Motive: Unauthorized Access/Control
- Attribution: Individual Hacker
- Observed Duration: 223 days
Evidence
Compromised Artifacts
Current Artifacts and Analysis
Indicators and Changes
Hashes
md5:e5a4f00a16455005a45d969992173911
External References
Source Data
Source record: oss/unrealircd/meta.yaml