GNU Projects FTP Servers Hacked
Officials at the Free Software Foundation Inc., which operates the GNU Project, don't believe that any of the code was modified.The system that houses the main FTP servers for the GNU Project has been compromised by a cracker who was apparently bent on harvesting passwords for a future attack. The intrusion apparently occurred in March, although officials at the Free Software Foundation Inc., which operates the GNU Project, didnt discover the compromise until about two weeks ago. They have spent the intervening time checking the integrity of all of the GNU source code stored on the servers and dont believe that any of the code was modified. The FTP servers at the GNU Project serve as repositories for the source code for many of the open-source software projects on the Internet. The servers house hundreds of pieces of source code at any one time, and GNU Project members are still in the process of verifying the MD5 checksums for each file.
The compromise, which affected the "gnuftp.gnu.org" server, was apparently accomplished by exploiting a vulnerability in the "ptrace" function in some versions of the Linux kernel, according to a statement released by the Boston-based Free Software Foundation. FSF officials said the machine appears to have been rooted in the week between the discovery of the ptrace flaw and the release of the patch.