Hi Steve, I believe there are few other files that contain "aion" but I think they're just comments and don't end up as strings in the compiled file. If you do a find | grep you'll see the other files. I'm not sure how rkhunter fully works yet. I ended up correcting the typo and recompiling. Now rkhunter no longer throws the warning.
Wally

On Tue, Mar 11, 2014 at 2:54 PM, Steven Kneizys <[email protected]> wrote:

> I see that in the source:
>
> .asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
>
> And should be:
>
> .asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
>
> I am just wondering why that rkhunter would possibly think that was a
> vulnerability!
>
> Steve...
>
> On Tue, Mar 11, 2014 at 3:12 PM, Wally <[email protected]> wrote:
>
>> Greetings. I have compiled openssh 6.5p1, openssl 1.0.1f and rkhunter
>> 1.4.2.
>>
>> Rkhunter shows the following message:
>> [ Warning ]Found string 'aion' in file '/usr/sbin/sshd'. Possible rootkit: Trojaned SSH daemon
>>
>> OpenSSH is compiled with OpenSSL support, and the string "aion" that is
>> identified as a possible root kit by rkhunter is found inside
>> "openssl-1.0.1f/crypto/aes/asm/vpaes-x86_64.pl" file. It looks like a
>> simple typo on line 1063. Could the developers please take a look and
>> possibly repackage the release?
>>
>> Thanks
>
> --
> Steve Kneizys
> Senior Business Process Engineer
> Voice: (610) 256-1396 [For Emergency Service (888)864-3282]
> Ferrilli Information Group -- Quality Service and Solutions for Higher
> Education
> web: http://www.ferrilli.com/ <http://www.figsolutions.com/>
>
> Making you a success while exceeding your expectations.
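One way to triage a warning like the one discussed in this thread, as an added example that is not part of the original e-mails and not rkhunter's own code: print the complete printable strings in a binary that contain the flagged substring, so the surrounding text is visible instead of the bare match. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which embedded strings in a binary contain a substring
# that a scanner flagged (here 'aion'), to help judge a false positive.

# strings_with NEEDLE FILE [MINLEN]
# Prints every run of printable ASCII of at least MINLEN characters
# (default 4) from FILE that contains NEEDLE as a fixed string.
strings_with() {
    needle=$1 file=$2 minlen=${3:-4}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Replace each non-printable byte with a newline so every printable run
    # becomes one line, then keep the long-enough lines holding the needle.
    LC_ALL=C tr -c '[:print:]' '[\n*]' < "$file" |
        LC_ALL=C awk -v n="$needle" -v m="$minlen" \
            'length($0) >= m && index($0, n) { print }'
}

# count_hits NEEDLE FILE
# Number of distinct embedded strings that contain NEEDLE.
count_hits() {
    strings_with "$1" "$2" | sort -u | wc -l | tr -d ' '
}

# make_sample PATH
# Writes a small constructed blob (not a real sshd) that embeds the
# misspelled banner quoted in the thread between non-printable bytes.
make_sample() {
    printf '\177ELF\001\002\000\000sshd_main\000Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)\000\003\004usage: sshd\000' > "$1"
}

# Demonstration on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
strings_with aion "$sample"
rm -f "$sample"
```

On a real system the second argument would be the file named in the warning, for example `/usr/sbin/sshd`.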
