Unreal IRC server sources on the official mirror contained a backdoor

Original author: UnrealIRCd head coder
  • Translation
Some copies of Unreal3.2.8.1.tar.gz on the official mirrors contained a backdoor that allows arbitrary commands to be executed with the privileges of the user running ircd.
The developers say they will do everything they can to prevent this from happening again, and recommend that users do not take PGP/GPG signatures lightly.

Unaffected versions


Windows binaries -

CVS was not modified - not infected

3.2.8 and earlier versions - not dangerous

Unreal3.2.8.1.tar.gz files downloaded before November 10, 2009 are also safe.

How do I check whether I am affected?



The first way is to check the md5 sum of Unreal3.2.8.1.tar.gz with the command
md5sum Unreal3.2.8.1.tar.gz
Possible results:
Backdoored version: 752e46f2d873c1679fa99de3f52a274d
Official version: 7b741e94e867c0a7370553fd01506c66


You can also check by running the command
grep DEBUG3_DOLOG_SYSTEM include/struct.h
in the Unreal3.2 directory. If the output consists of two lines, the version is infected. If nothing is printed, everything is fine.
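
Both checks combined into one script, as an added example that is not part of the original advisory. The function names are made up here; the hashes and the DEBUG3_DOLOG_SYSTEM marker are the ones quoted above, and treating any match of the marker (not only exactly two lines) as infected is an assumption.

```shell
#!/bin/sh
# Values taken from the advisory text above.
GOOD_MD5=7b741e94e867c0a7370553fd01506c66
BAD_MD5=752e46f2d873c1679fa99de3f52a274d
MARKER=DEBUG3_DOLOG_SYSTEM

# check_tarball FILE -> prints "official", "backdoored" or "unknown"
# (hypothetical helper name)
check_tarball() {
    # md5sum prints "<hash>  <file>"; keep only the hash.
    sum=$(md5sum "$1" 2>/dev/null | cut -d' ' -f1)
    case "$sum" in
        "$GOOD_MD5") echo official ;;
        "$BAD_MD5")  echo backdoored ;;
        *)           echo unknown ;;  # unreadable file or a different archive
    esac
}

# check_tree DIR -> prints "infected", "clean" or "unknown"
# DIR is the unpacked Unreal3.2 source directory (hypothetical helper name).
check_tree() {
    hdr="$1/include/struct.h"
    # Without the header we cannot say anything; do not report "clean".
    [ -r "$hdr" ] || { echo unknown; return; }
    # Assumption: any line containing the marker counts as infected.
    if grep -q "$MARKER" "$hdr"; then
        echo infected
    else
        echo clean
    fi
}

# Usage: sh check_unreal.sh Unreal3.2.8.1.tar.gz [Unreal3.2-source-dir]
if [ "$#" -ge 1 ]; then
    echo "tarball: $(check_tarball "$1")"
    if [ "$#" -ge 2 ]; then
        echo "source tree: $(check_tree "$2")"
    fi
fi
```

An "unknown" result for the tarball means the file matches neither hash, so it should be replaced with a fresh download and checked again rather than trusted.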

What to do if your server is infected after all


First, make sure once more that it really is infected, using the methods mentioned above.

Solution:
1. Download the source from www.unrealircd.com
2. Check the md5 sums. (The correct hashes are given below.)
3. Rebuild and restart UnrealIRCd.

Correct md5 hashes of the release


7b741e94e867c0a7370553fd01506c66 Unreal3.2.8.1.tar.gz
5a6941385cd04f19d9f4241e5c912d18 Unreal3.2.8.1.exe
a54eafa6861b6219f4f28451450cdbd3 Unreal3.2.8.1-SSL.exe


Conclusion


Here the team apologizes to everyone for the inconvenience.
And here is the official advisory
Shit happens
