Re: OpenSSH Security Advisory: Trojaned Distribution Files
Just to be nice and sparkling clear on this issue - this only affected the
portable openssh package, correct? Is it true that the non-portable (i.e.,
OpenBSD specific) package was NOT trojaned at any time (that anyone knows
about, anyway)? Thanks in advance.
Cheers,
Brian Szymanski
bks10@cornell.edu
> * Martin Reindl <mreindl@catai.org> [020801 11:53]:
>
>> Think so ...
>> The server bf-test.c is referring to (203.62.158.32:6667) was running
>> FreeBSD Apache 1.3.24 with the well known bug from April 11th till
>> August 1st (according to netcraft.com).
>> Maybe somebody knows how the trojan got on ftp.openbsd.org.
>> The idiots out there already start blaming OpenSSH and OpenBSD for
>> this. Btw, response time restoring the original files seems really
>> fast, I couldn't find any modified openssh-3.4p1.tar.gz today.
>
> also, the owner of that server was quite prompt in ensuring that port
> 6667 was no more accessible.
>
> marius.
>
> --
>> marius@umich.edu > http://www.citi.umich.edu/u/marius