Mailinglist Archive: opensuse-security (409 mails)
Re: [suse-security] openssh trojan (alert)
- From: Christoph Wegener <cwe@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 01 Aug 2002 11:48:11 +0200
- Message-id: <C0QUQ2XIF0QL5A9NKVQ433YSOUQKI.3d4903db@gonzo>
Hi,
yes you are right: I just did an echo -e '\x2f\x62\x69\x6e\x2f\x73\x68' (this is i_val == the code which is executed after receiving the D) and
got /bin/sh ...
So there is really NO legal reason for this... :(((
Greetz
Christoph
1.8.2002 11:14:54, Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx> wrote:
>On Thursday 01 August 2002 11.01, Christoph Wegener wrote:
>> So there is definitively a connection
>> attempt to this server - but actually I do not know what it is good for.
>> Could there be some legal reason for this?!?
>
>Look at the c source generated by the shell script. If it receives a 'D'
>command from this server it spawns a remote shell. I'd say there's an
>*illegal* reason for this.
>
>regards
>Anders
--
.-. Ruhr-Universitaet Bochum
/v\ L I N U X Lehrstuhl fuer Biophysik
// \\ >Penguin Computing< c/o Christoph Wegener
/( )\ Gebaeude ND 04/Nord
^^-^^ D-44780 Bochum, GERMANY
Tel: +49 (234) 32-25754 Fax: +49 (234) 32-14626
mailto:cwe@xxxxxxxxxxxxxxxxxxxxxx http://www.bph.ruhr-uni-bochum.de
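
The decoding step from the message above, generalised into a small scanner that finds runs of \xNN escapes in source text, decodes them and flags shell paths. This is an added example, not part of the original mail or of the trojaned package; the SUSPICIOUS list, the four-escape threshold and the sample lines around i_val are assumptions.

```python
import re

# Runs of four or more consecutive \xNN escapes, as written in C or shell source.
# The threshold of four is an assumption to skip short, ordinary escapes.
HEX_RUN = re.compile(r'(?:\\x[0-9a-fA-F]{2}){4,}')

# Decoded substrings worth a reviewer's attention in a build script (assumed list).
SUSPICIOUS = ("/bin/sh", "/bin/bash", "/bin/csh", "/dev/tcp")


def decode_run(run: str) -> str:
    """Turn a literal run of \\xNN escapes into the text it encodes."""
    raw = bytes(int(h, 16) for h in re.findall(r'\\x([0-9a-fA-F]{2})', run))
    return raw.decode("latin-1")  # latin-1 maps every byte, so this never raises


def scan_source(text: str):
    """Return (line_number, decoded_text, flagged) for each hex-escaped run."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in HEX_RUN.finditer(line):
            decoded = decode_run(match.group(0))
            flagged = any(s in decoded for s in SUSPICIOUS)
            findings.append((lineno, decoded, flagged))
    return findings


# Constructed sample: only the escaped string and the name i_val come from the
# message; the other lines are made up for the demonstration.
SAMPLE = r'''
char banner[] = "\x4f\x4b\x0a";
char i_val[] = "\x2f\x62\x69\x6e\x2f\x73\x68";
int port = 22;
'''

if __name__ == "__main__":
    for lineno, decoded, flagged in scan_source(SAMPLE):
        note = "  <-- review" if flagged else ""
        print(f"line {lineno}: {decoded!r}{note}")
```

Run against an unpacked source tree before building, this surfaces the same string the echo -e test revealed without executing anything from the package.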