Re: Cracked PUMP binary

On Fri, Jul 16, 2004 at 03:05:15PM +0100, D I Freeman wrote:
>On Fri, Jul 16, 2004 at 02:48:45PM +0100, D I Freeman wrote:
>>I have a machine on my network running Debian Testing, which had pump
>>0.8.19-4 installed, I first got suspicious when I found it listening
>>on port 68 TCP, couldn't understand why. I then did an md5sum on the
>>running binary. I got the following sum:
>>freemadi@yoda:~$ md5sum pump.image
>>25bbb53182f70fbaaaccd2b33864e458  pump.image

There is no pump.image in pump_0.8.19-4_i386.deb.

>>Which doesn't match any of my friends' installations, which all give:
>>ripley:/etc# md5sum /usr/bin/md5sum
>>8e16b5d66b3facecfb9162974a01f122 /usr/bin/md5sum
>Sorry to fill your inbox, but this should read:
>ripley:/proc/3431# ps -ef  | grep pump
>root      3433     1  0 02:27 ?        00:00:00 pump
>root      3440  3390  0 02:27 pts/3    00:00:00 pump
>root      3442  2447  0 02:27 pts/0    00:00:00 grep
>ripley:/proc/3431# cd /proc/3433
>ripley:/proc/3433# cat exe > /tmp/exe
>ripley:/proc/3433# md5sum /tmp/exe
>14a31139a83ce9da6ec3709e1b431a9d  /tmp/exe
>Which matches everyone else's md5sum.

That checksum matches /sbin/pump from pump_0.8.19-4_i386.deb:

niquia:~# md5sum /sbin/pump
14a31139a83ce9da6ec3709e1b431a9d  /sbin/pump

>>Firstly, my question is, have you heard of this happening before?

No, I haven't. Where is pump.image coming from?

>>and secondly, does the md5sum of my binary match any earlier versions
>>of pump?

I don't know; pump_0.8.19-4 is my first release of the package after I
took it over from Herbert Xu.

Sorry, I don't have previous versions of pump. However, you can find old
versions of pump at [0].

[0] http://snapshot.debian.net/package/pump

>>If it helps, this was originally installed either from the Estonia apt
>>server or the UK mirror at University of Kent.

Could someone shed some light on this problem, please?


