Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
Re: [suse-security] openssh trojan (alert)
  • From: Olaf Kirch <okir@xxxxxxx>
  • Date: Thu, 1 Aug 2002 10:41:48 +0200
  • Message-id: <20020801104148.A9508@xxxxxxx>
On Thu, Aug 01, 2002 at 04:21:21AM -0400, Len Rose wrote:
>
> Not implying that SuSE has this problem (it doesn't) but
> you may wish to read this:
>
> http://lists.netsys.com/pipermail/full-disclosure/2002-August/000734.html

Two things to note here.

1. The openssh RPMs released by SuSE do not seem to have this
problem; any trojaning of the tarball must have happened
afterwards, if at all.
2. The problem will affect only people recompiling openssh from
source, not users installing binary RPMs.

Disclaimer: I haven't checked the ftp archive at openbsd.org; all I've read
so far is the web page mentioned above. By all I know this might also be
a hoax.

Olaf
--
Olaf Kirch | Anyone who has had to work with X.509 has probably
okir@xxxxxxx | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann

< Previous Next >
Follow Ups
References