[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenSSH Security Advisory: Trojaned Distribution Files

To: <misc@openbsd.org>
Subject: Re: OpenSSH Security Advisory: Trojaned Distribution Files
From: "Martin Reindl" <mreindl@catai.org>
Date: Thu, 1 Aug 2002 17:50:38 +0200

> > OpenSSH Security Advisory (adv.trojan)
> >
> > 1. Systems affected:
> >
> > OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the
> > OpenBSD ftp server and potentially propagated via the
> normal mirroring
> > process to other ftp servers.  The code was inserted some
> time between
> > the 30th and 31th of July.  We replaced the trojaned files
> with their
> > originals at 7AM MDT, August 1st.
>
> How did this happened? Solaris knockdown?

Think so ...
The server bf-test.c is refering to (203.62.158.32:6667) was running
FreeBSD Apache 1.3.24 with the well known bug from April 11th till
August 1st (according to netcraft.com).
Maybe somebody knows how the trojan got on ftp.openbsd.org.
The idiots out there already start blaming OpenSSH and OpenBSD for this.
Btw, Response time restoring the original files seems really fast, i
couldn't find any modified openssh-3.4p1.tar.gz today.

Martin

Follow-Ups:
- Re: OpenSSH Security Advisory: Trojaned Distribution Files
  - From: marius aamodt eriksen <marius@umich.edu>
- Re: OpenSSH Security Advisory: Trojaned Distribution Files
  - From: Dayton <smartestguy@technologist.com>

References:
- Re: OpenSSH Security Advisory: Trojaned Distribution Files
  - From: Eduardo Augusto Alvarenga <eduardo-openbsd-misc.a8164a@thrx.dyndns.org>

Prev by Date: Re: slow NFSd on i386?
Next by Date: resource limiting for shell-less processes, nologin user
Prev by thread: Re: OpenSSH Security Advisory: Trojaned Distribution Files
Next by thread: Re: OpenSSH Security Advisory: Trojaned Distribution Files
Index(es):
- Date
- Thread