# Unrealircd Backdoored



## swa (Jun 22, 2010)

http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt 

Looks like the port downloads from the unrealircd mirrors. 
Installed from ports and checked in Unreal3.2/include dir to see if I am vulnerable with

```
grep DEBUG3_DOLOG_SYSTEM struct.h
```
Outputs nothing so luckily mine is not affected, but maybe others could be affected ? 
Not sure where to put this information, who to contact, or if the word should be spread or not.


----------



## SirDice (Jun 22, 2010)

You're about a week late :e

http://forums.freebsd.org/showthread.php?t=15050


----------



## swa (Jun 22, 2010)

Good to see it's allready been mentioned 
Somehow I was dreaming or some and didn't see it earlier.


----------



## SirDice (Jun 22, 2010)

The port seems to download the correct (non-backdoored) version. From the advisory:


> One is to check if the Unreal3.2.8.1.tar.gz you have is good or bad by running 'md5sum Unreal3.2.8.1.tar.gz' on it.
> Backdoored version (BAD) is: 752e46f2d873c1679fa99de3f52a274d
> Official version (GOOD) is: 7b741e94e867c0a7370553fd01506c66



The port's distfile:

```
MD5 (Unreal3.2.8.1.tar.gz) = 7b741e94e867c0a7370553fd01506c66
SHA256 (Unreal3.2.8.1.tar.gz) = 009add8da68b6fb66608d06302e59fa9fb994f901cbd92e6f4f10963f2077741
SIZE (Unreal3.2.8.1.tar.gz) = 2866456
```

The MD5 matches the "safe" version.


----------



## eyebone (Jun 24, 2010)

SirDice said:
			
		

> The MD5 matches the "safe" version.



:e:e what do u know we dont


----------

