To Whom It May Concern,

A security notice posted on November 13, 2002 at http://www.cert.org/advisories/CA-2002-30.html indicates that the tcpdump and libpcap source code has been compromised by a trojan hack. To quote from the CERT advisory:
"The following distributions were modified to include the malicious code:
tcpdump
md5sum 3a1c2dd3471486f9c7df87029bf2f1e9 tcpdump-3.6.2.tar.gz
md5sum 3c410d8434e63fb3931fe77328e4dd88 tcpdump-3.7.1.tar.gz
libpcap
md5sum 73ba7af963aff7c9e23fa1308a793dca libpcap-0.7.1.tar.gz
These modified distributions began to appear in downloads from the HTTP server www.tcpdump.org on or around Nov 11 2002 10:14:00 GMT. The tcpdump development team disabled download of the distributions containing the Trojan horse on Nov 13 2002 15:05:19 GMT. However, the availability of these distributions from mirror sites is unknown. At this time, it does not appear that related projects such as WinPcap and WinDump contain this Trojan horse."
While I'm not a programmer, I am a user of Ethereal. Would anyone in the group happen to know if the WinPcap installation software (v 2.3) downloadable from http://winpcap.mirror.ethereal.com/ and last updated on August 8, 2002 has also been infected?
Thanks!
David Willis
Senior Network Consultant
Technical Marketing
AT&T Business Services
415-442-2225 (w)
415-442-2527 (f)
drwillis@xxxxxxx
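
A way to check local downloads against the MD5 sums quoted from the CERT advisory in the message above. This is an added example, not part of the original post or of the advisory; the function names and verdict labels are assumptions made for illustration.

```python
import hashlib
import os
import sys

# MD5 sums the quoted advisory lists for the modified distributions.
KNOWN_MODIFIED = {
    "3a1c2dd3471486f9c7df87029bf2f1e9": "tcpdump-3.6.2.tar.gz",
    "3c410d8434e63fb3931fe77328e4dd88": "tcpdump-3.7.1.tar.gz",
    "73ba7af963aff7c9e23fa1308a793dca": "libpcap-0.7.1.tar.gz",
}


def md5_of(path, chunk_size=1 << 16):
    """Hash a file in chunks so large tarballs are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root, known=KNOWN_MODIFIED):
    """Return (path, verdict) for each file under root that needs attention.

    "listed-md5": the MD5 is one the advisory lists, whatever the file name.
    "name-only":  the name is an affected release but the MD5 is not listed;
                  compare it with a sum obtained from a trusted source.
    "unreadable": the file could not be hashed.
    """
    affected_names = set(known.values())
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of(path)
            except OSError:
                findings.append((path, "unreadable"))
                continue
            if digest in known:
                findings.append((path, "listed-md5"))
            elif name in affected_names:
                findings.append((path, "name-only"))
    return findings


if __name__ == "__main__":
    for path, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:11} {path}")
```

Matching is done on content hash first, so a renamed copy pulled from a mirror is still reported.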