Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
Re: [suse-security] openssh trojan (alert)
Hi,
yes you are right: I just did a echo -e '\x2f\x62\x69\x6e\x2f\x73\x68' (this is i_val == the code which is executed after receiving the D) and
got /bin/sh ...

So there is really NO legal reason for this... :(((

Greetz
Christoph

1.8.2002 11:14:54, Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx> wrote:

>On Thursday 01 August 2002 11.01, Christoph Wegener wrote:
>> So there is definitively a connection
>> attempt to this server - but actually I do not know waht it is good for.
>> Could there be some legal reaseon for this?!?
>
>Look at the c source generated by the shell script. If it receives a 'D'
>command from this server it spawns a remote shell. I'd say there's an
>*illegal* reason for this.
>
>regards
>Anders
--
.-. Ruhr-Universitaet Bochum
/v\ L I N U X Lehrstuhl fuer Biophysik
// \\ >Penguin Computing< c/o Christoph Wegener
/( )\ Gebaeude ND 04/Nord
^^-^^ D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754 Fax: +49 (234) 32-14626
mailto:cwe@xxxxxxxxxxxxxxxxxxxxxx http://www.bph.ruhr-uni-bochum.de





< Previous Next >
References