The system that houses the main FTP servers for the GNU Project has been compromised by a cracker who was apparently bent on harvesting passwords for a future attack.
The intrusion apparently occurred in March, although officials at the Free Software Foundation Inc., which operates the GNU Project, didnt discover the compromise until about two weeks ago. They have spent the intervening time checking the integrity of all of the GNU source code stored on the servers and dont believe that any of the code was modified.
The FTP servers at the GNU Project serve as repositories for the source code for many of the open-source software projects on the Internet. The servers house hundreds of pieces of source code at any one time, and GNU Project members are still in the process of verifying the MD5 checksums for each file.
The compromise, which affected the “gnuftp.gnu.org” server, was apparently accomplished by exploiting a vulnerability in the “ptrace” function in some versions of the Linux kernel, according to a statement released by the Boston-based Free Software Foundation. FSF officials said the machine appears to have been rooted in the week between the discovery of the ptrace flaw and the release of the patch.
“It appears that the machine was cracked using a ptrace exploit by a local user immediately after the exploit was posted,” the FSF statement says.
The foundation has also compiled a list of the files that were on the server at the time of the compromise and the reasons why they believe that the checksums are valid for each file.
The GNU Project brought a replacement FTP server online on Aug. 2. and has withdrawn local shell access to the server until the certification of all of the source code files is finished.
GNU is a recursive acronym for GNUs not Unix, and began in 1984 as an effort to create a new, free operating system.