VULHUB ™

CERT Advisory CA-2002-30 - Released source code distributions of the libpcap and tcpdump packages were modified by an intruder and contain a trojan horse which, upon compile time, remote grabs a file from a fixed IP address which it then compiles and runs. The binary then goes to a fixed IP address and gets a one character response which enables the remote machine to trigger the spawning of a shell to the remote machine. The backdoor also explicitly ignores all traffic on port 1963.

CERT Advisory CA-2002-30 - Released source code distributions of the libpcap and tcpdump packages were modified by an intruder and contain a trojan horse which, upon compile time, remote grabs a file from a fixed IP address which it then compiles and runs. The binary then goes to a fixed IP address and gets a one character response which enables the remote machine to trigger the spawning of a shell to the remote machine. The backdoor also explicitly ignores all traffic on port 1963.