Here is a diff for it (although tabs may not make it across the email
so it is attached as well):
--- openssl-1.0.1f_ORIG/crypto/aes/asm/vpaes-x86_64.pl 2014-03-11
16:48:36.329545015 -0400
+++ openssl-1.0.1f/crypto/aes/asm/vpaes-x86_64.pl 2014-03-11
16:48:36.329545015 -0400
@@ -1060,7 +1060,7 @@
.Lk_dsbo: # decryption sbox final output
.quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
.quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C
-.asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg
(Stanford University)"
+.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg
(Stanford University)"
.align 64
.size _vpaes_consts,.-_vpaes_consts
___
On Tue, Mar 11, 2014 at 4:20 PM, Wally <[email protected]> wrote:
> Quite possibly. It is still a typo though ;-) I've notified the folks on
> the rkhunter mailing list as well. Seeing a warning that your sshd daemon
> has been possibly trojaned can cause a heart beat skip ;-) Thanks for
> checking.
>
>
> On Tue, Mar 11, 2014 at 3:10 PM, Steven Kneizys <[email protected]>
> wrote:
>>
>> I am actually thinking this is an rkhunter bug! :-)
>>
>>
>> On Tue, Mar 11, 2014 at 4:06 PM, Wally <[email protected]> wrote:
>>>
>>> Hi Steve,
>>>
>>> I believe there are few other files that contain "aion" but I think
>>> they're just comments and don't end up as strings in the compiled file. If
>>> you do a find | grep you'll see the other files. I'm not sure how rkhunter
>>> fully works yet. I ended up correcting the typo and recompiling. Now
>>> rkhunter no longer throws the warning.
>>>
>>> Wally
>>>
>>>
>>> On Tue, Mar 11, 2014 at 2:54 PM, Steven Kneizys <[email protected]>
>>> wrote:
>>>>
>>>> I see that in the source:
>>>>
>>>> .asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford
>>>> University)"
>>>>
>>>> And should be:
>>>>
>>>> .asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford
>>>> University)"
>>>>
>>>> I am just wondering why that rkhunter would possibly think that was a
>>>> vulnerability!
>>>>
>>>> Steve...
>>>>
>>>>
>>>> On Tue, Mar 11, 2014 at 3:12 PM, Wally <[email protected]> wrote:
>>>>>
>>>>> Greetings. I have compiled openssh 6.5p1, openssl 1.0.1f and rkhunter
>>>>> 1.4.2.
>>>>>
>>>>> Rkhunter shows the following message:
>>>>> [ Warning ]Found string 'aion' in file '/usr/sbin/sshd'. Possible
>>>>> rootkit: Trojaned SSH daemon
>>>>>
>>>>> OpenSSH is compiled with OpenSSL support, and the string "aion" that is
>>>>> identified as a possible root kit by rkhunter is found inside
>>>>> "openssl-1.0.1f/crypto/aes/asm/vpaes-x86_64.pl" file. It looks like a
>>>>> simple typo on line 1063. Could the developers please take a look and
>>>>> possibly repackage the release?
>>>>>
>>>>> Thanks
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Steve Kneizys
>>>> Senior Business Process Engineer
>>>> Voice: (610) 256-1396 [For Emergency Service (888)864-3282]
>>>> Ferrilli Information Group -- Quality Service and Solutions for Higher
>>>> Education
>>>> web: http://www.ferrilli.com/
>>>>
>>>> Making you a success while exceeding your expectations.
>>>
>>>
>>
>>
>>
>> --
>> Steve Kneizys
>> Senior Business Process Engineer
>> Voice: (610) 256-1396 [For Emergency Service (888)864-3282]
>> Ferrilli Information Group -- Quality Service and Solutions for Higher
>> Education
>> web: http://www.ferrilli.com/
>>
>> Making you a success while exceeding your expectations.
>
>
--
Steve Kneizys
Senior Business Process Engineer
Voice: (610) 256-1396 [For Emergency Service (888)864-3282]
Ferrilli Information Group -- Quality Service and Solutions for Higher Education
web: http://www.ferrilli.com/
Making you a success while exceeding your expectations.
--- openssl-1.0.1f_ORIG/crypto/aes/asm/vpaes-x86_64.pl 2014-03-11
16:48:36.329545015 -0400
+++ openssl-1.0.1f/crypto/aes/asm/vpaes-x86_64.pl 2014-03-11
16:48:36.329545015 -0400
@@ -1060,7 +1060,7 @@
.Lk_dsbo: # decryption sbox final output
.quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
.quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C
-.asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford
University)"
+.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford
University)"
.align 64
.size _vpaes_consts,.-_vpaes_consts
___
