[IRCServices Coding] Trojan warning and MD5 checksums

Andrew Church achurch at achurch.org
Sat Jun 1 02:26:11 PDT 2002


     Recently, two open-source programs (the "irssi" IRC client and another
program called fragroute) have been trojaned by someone breaking into the
distribution site and modifying the "configure" script of each program to
spawn a shell accessible over the network.  I am not aware of any case in
which a Services distribution/mirror site has been broken into, but to be
safe, I will from now on release MD5 digests of each distribution file on
the appropriate mailing list; at least for the near future, it would be
advisable to compare these to the MD5 digests of the files you download to
ensure they have not been modified (or simply corrupted in transfer).  Most
Linux distributions have a program called "md5" or "md5sum" which will
print the MD5 digest of a given file, and can be used for such comparisons.
(Note that the MD5 digests will not be stored on the FTP sites, for the
obvious reason that if an attacker could change the distribution files
themselves, they could just as easily change the checksum file as well.)

     For reference, the MD5 digests of the current stable and beta
distribution files are as follows:

MD5 (ircservices-4.5.40.diff.gz) = 605d8c0f92b37f4509f65de8e56b446e
MD5 (ircservices-4.5.40.tar.gz) = 77020902db4845c928e103861f534df2
MD5 (beta/ircservices-5.0pre0-1.i386.rpm) = 1a2982000f28c41a7dd09300e3107543
MD5 (beta/ircservices-5.0pre0.tar.gz) = c6239c42d029a64da4207bf22e3b0b7e
MD5 (beta/ircservices_5.0pre0-1_i386.deb) = b2f8fefbfee495b72afa6b70fc88424e

  --Andrew Church
    achurch at achurch.org
    http://achurch.org/