Re: [Leaf-devel] Compiling ssh secutity issue

Thu, 01 Aug 2002 14:03:23 -0700 

On Thu, 2002-08-01 at 13:02, Manfred Schuler wrote:
> Mike,
> 
> this is another topic.
> 
> Your link reports vulnerabilities in openssl.
> 
> This information is about a trojan in the openssh source tarball.
> The trojan opens a backdoor when compiling ssh.

Manfred,
Correct. The link to the post from Michael below contains the MD5
checksum for the source tarball he uses.

    # md5sum ./openssh-3.4p1.tar.gz
    459c1d0262e939d6432f193c7a4ba8a8  ./openssh-3.4p1.tar.gz

> It is no security issue for leaf, only a hint for those people compiling ssh.
> 
> Mike Noyes schrieb:
> > 
> > Manfred,
> > Michael addressed this issue is already.
> > 
> > Re: [leaf-user] FORW: CERT Advisory CA-2002-23 Multiple Vulnerabilities
> > In OpenSSL
> > http://www.mail-archive.com/leaf-user%40lists.sourceforge.net/msg08584.html
> > 
> > On Thu, 2002-08-01 at 11:56, Manfred Schuler wrote:
> > > I received this today:
> > >
> > > Thu Aug  1 14:40:28 MEST 2002
> > >
> > >
> > > The openssh source tarball openssh-3.4p1.tar.gz from the openbsd ftp
> > > server ftp.openbsd.org has been trojaned with code that opens network
> > > connections to a server in the internet (203.62.158.32:6667) at compile
> > > time. The backdoor does not have any influence on the runtime behaviour of
> > > the package to our current knowlege. As of now, the package on the openbsd
> > > ftp server has not been removed/cleaned.
> > >
> > > The SuSE openssh package for SuSE Linux 8.0 has the same version 3.4p1,
> > > but it is built from non-trojaned sources. Therefore, the SuSE openssh
> > > packages are not affected by this backdoor.
> > >
> > > We thank our users who have expressed their concerns about the backdoor
> > > when they notified SuSE Security, and to Len Rose from
> > > [EMAIL PROTECTED]
> > >
> > > Regards,
> > > Roman Drahtmüller,
> > > SuSE Security.
> > > - --

-- 
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Reply via email to