[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenSSH Security Advisory: Trojaned Distribution Files

To: Martin Reindl <mreindl@catai.org>
Subject: Re: OpenSSH Security Advisory: Trojaned Distribution Files
From: Dayton <smartestguy@technologist.com>
Date: Thu, 1 Aug 2002 09:53:27 -0700 (PDT)
Cc: <misc@openbsd.org>

Yeah, but another thing we all should be wondering is, were any OTHER
files tampered with? How safe is it, for example, for us to pull down
the patch branch right now?

On Thu, 1 Aug 2002, Martin Reindl wrote:

> > How did this happened? Solaris knockdown?
>
> Think so ...
> The server bf-test.c is refering to (203.62.158.32:6667) was running
> FreeBSD Apache 1.3.24 with the well known bug from April 11th till
> August 1st (according to netcraft.com).
> Maybe somebody knows how the trojan got on ftp.openbsd.org.
> The idiots out there already start blaming OpenSSH and OpenBSD for this.
> Btw, Response time restoring the original files seems really fast, i
> couldn't find any modified openssh-3.4p1.tar.gz today.
>
> Martin

Follow-Ups:
- Re: OpenSSH Security Advisory: Trojaned Distribution Files
  - From: "Peter N. M. Hansteen" <peter@bgnett.no>
- Re: OpenSSH Security Advisory: Trojaned Distribution Files
  - From: Hugh Graham <hugh@openbsd.org>
- Re: OpenSSH Security Advisory: Trojaned Distribution Files
  - From: Nick Holland <nick@holland-consulting.net>

References:
- Re: OpenSSH Security Advisory: Trojaned Distribution Files
  - From: "Martin Reindl" <mreindl@catai.org>

Prev by Date: Re: resource limiting for shell-less processes, nologin user
Next by Date: Re: OpenSSH Security Advisory: Trojaned Distribution Files
Prev by thread: Re: OpenSSH Security Advisory: Trojaned Distribution Files
Next by thread: Re: OpenSSH Security Advisory: Trojaned Distribution Files
Index(es):
- Date
- Thread