Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
Re: [suse-security] openssh trojan (alert)
Hi again,
to be a little more concrete: about 10 minutes ago I downloaded the tarball of openssh-3.4p1 which is actually available on ftp.openbsd.org.
I untared it, cd'd to openbsd-compat and did a gcc bf-test.c -o bf-test. After this I did sh bftest > bftest.sh and finally got a shell script which
contains the same as reported on the link below. So there is definitively a connection attempt to this server - but actually I do not know
waht it is good for. Could there be some legal reaseon for this?!?

Christoph

BTW: were are just trying to double-check the sig of the tarball but due to probs with the keyservers didn't have results for now...

1.8.2002 10:45:59, Christoph Wegener <cwe@xxxxxxxxxxxxxxxxxxxxxx> wrote:

>Hi everybody,
>I just checked it double: YES the openssh-3.4p1.tar.gz on ftp.openbsd.org is TROJANED!!! I downloaded our versions here just after
there
>were released from the OpenSSH team, these ones seem to be clean. BUT: The version which is actually available on ftp.openbsd.org is
>NOT clean! Or did I make a mistake in my analysis?!?
>
>So is this the time to say good bye to OpenSSH?!? ;))
>
>Christoph
>
>1.8.2002 10:21:21, Len Rose <len@xxxxxxxxxx> wrote:
>
>>
>>Not implying that SuSE has this problem (it doesn't) but
>>you may wish to read this:
>>
>>http://lists.netsys.com/pipermail/full-disclosure/2002-August/000734.html
--
.-. Ruhr-Universitaet Bochum
/v\ L I N U X Lehrstuhl fuer Biophysik
// \\ >Penguin Computing< c/o Christoph Wegener
/( )\ Gebaeude ND 04/Nord
^^-^^ D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754 Fax: +49 (234) 32-14626
mailto:cwe@xxxxxxxxxxxxxxxxxxxxxx http://www.bph.ruhr-uni-bochum.de





< Previous Next >
Follow Ups
References