Hi everybody, I just checked it double: YES the openssh-3.4p1.tar.gz on ftp.openbsd.org is TROJANED!!! I downloaded our versions here just after
Hi again,
to be a little more concrete: about 10 minutes ago I downloaded the tarball of openssh-3.4p1 which is actually available on ftp.openbsd.org.
I untared it, cd'd to openbsd-compat and did a gcc bf-test.c -o bf-test. After this I did sh bftest > bftest.sh and finally got a shell script which
contains the same as reported on the link below. So there is definitively a connection attempt to this server - but actually I do not know
waht it is good for. Could there be some legal reaseon for this?!?
Christoph
BTW: were are just trying to double-check the sig of the tarball but due to probs with the keyservers didn't have results for now...
1.8.2002 10:45:59, Christoph Wegener
were released from the OpenSSH team, these ones seem to be clean. BUT: The version which is actually available on ftp.openbsd.org is NOT clean! Or did I make a mistake in my analysis?!?
So is this the time to say good bye to OpenSSH?!? ;))
Christoph
1.8.2002 10:21:21, Len Rose
wrote: Not implying that SuSE has this problem (it doesn't) but you may wish to read this:
http://lists.netsys.com/pipermail/full-disclosure/2002-August/000734.html
-- .-. Ruhr-Universitaet Bochum /v\ L I N U X Lehrstuhl fuer Biophysik // \\ >Penguin Computing< c/o Christoph Wegener /( )\ Gebaeude ND 04/Nord ^^-^^ D-44780 Bochum, GERMANY
Tel: +49 (234) 32-25754 Fax: +49 (234) 32-14626 mailto:cwe@bph.ruhr-uni-bochum.de http://www.bph.ruhr-uni-bochum.de