Hallo Andreas, hallo Leute, Am Freitag, 2. August 2002 16:31 schrieb Andreas Kneib:

Trojanisches Pferd in OpenSSH

http://www.heise.de/newsticker/data/pab-01.08.02-000/ http://www.pro-linux.de/news/2002/4545.html

Ähem, Du liest suse-security-announce mit? ---------- schnipp ---------- [suse-security-announce] Not affected: openssh trojan from ftp.openbsd.org Von: Roman Drahtmueller <draht@suse.de> An: suse-security-announce@suse.com Datum: Thu, 1 Aug 2002 14:51:48 +0200 (MEST) The openssh source tarball openssh-3.4p1.tar.gz from the openbsd ftp server ftp.openbsd.org has been trojaned with code that opens network connections to a server in the internet (203.62.158.32:6667) at compile time. The backdoor does not have any influence on the runtime behaviour of the package to our current knowlege. As of now, the package on the openbsd ftp server has not been removed/cleaned. The SuSE openssh package for SuSE Linux 8.0 has the same version 3.4p1, but it is built from non-trojaned sources. Therefore, the SuSE openssh packages are not affected by this backdoor. ---------- schnapp ---------- Ach ja: Für alle, die es immer noch nicht wissen: Einfach eine Mail an suse-security-announce-subscribe@suse.com schicken und die Bestätigungsmail beantworten, dann kommen die sicherheitsrelevanten Infos per Mail. IMHO ist suse-security-announce ein Muss für jeden SuSE-Nutzer, also schnell subscriben ;-) Gruß Christian Boltz -- Registrierter Linux-Nutzer #239431 Linux - life is too short for reboots.