Backdoored Source

So find the bug in the zeek source version release/2.0. They provide a tampered zip file of the source.

Zeek repo lives here https://github.com/zeek/zeek

The original source tag here https://github.com/zeek/zeek/releases/tag/v2.0

Clone that tag down. I used beyond compare to do a folder diff on the sourcetree. Uh oh whats up with that file I wonder.

The Solution

scripts/base/protocols/conn/main.bro
PreviousCheck Your Alignment

Last updated