Vulnerability Development mailing list archives
Re: ssh trojaned
From: Eirik Seim <default () stengt net>
Date: Thu, 1 Aug 2002 22:41:39 +0200 (CEST)
On Thu, 1 Aug 2002, Steve Wright wrote:
> Hello, I'm no programmer so I'm hoping someone can confirm this for me..
> Am I correct in thinking the trojan currently in OpenSSH portable 3.4p1
> only runs during compilation?

From Christian Bahls' post on bugtraq, this trojan simply creates a file
called conftest.c, and tries repeatedly to compile and run it naming the binary after $USER's shell, during compilation of OpenSSH. That's all.

> ie a copy of ssh compiled using this source will not have anything nasty
> built into it?

In plain English: No. Not from _this_ particular trojan. You should consider your system compromised as it could have been wide open while compiling, but before you panic, remember that this trojan was (according to Niels Provos in a recent post to bugtraq) inserted between 30. and 31. of July, and removed at 7AM MDT August 1st. If you didn't touch your OpenSSH install before 30. of July, and stay away from the mirrors until they're clean, you should be safe.

Oh, and the guys that inserted the trojan might easily have had access to more on the same ftp site, and subsequently also its mirrors. If you don't usually verify checksums, now is a great time to start doing so.

- Eirik
--
New and exciting signature!
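The checksum advice in the message above, sketched as an added example that is not part of the original post: because the trojan ran at build time, the check has to happen before the archive is unpacked or configured. SHA-256, the function names and the idea of taking the expected value from a channel other than the download server are assumptions of this example.

```shell
# Added example: check a source tarball BEFORE unpacking or building it.
# Assumption: the expected SHA-256 comes from somewhere other than the
# download server (a signed announcement, a second independent channel),
# since a compromised ftp site can serve a matching checksum file too.

# Print the SHA-256 of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_tarball FILE EXPECTED_HEX
# Returns 0 on exact match, 1 on mismatch, 2 on a missing file or bad input.
verify_tarball() {
    file=$1; expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Fail closed on anything that is not 64 hex digits (empty value,
    # truncated copy-paste, an HTML error page saved as the checksum).
    case $expected in
        ""|*[!0-9a-fA-F]*) echo "bad checksum format" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad checksum length" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"; return 0
    fi
    echo "MISMATCH: $file (expected $expected, got $actual)" >&2
    return 1
}

# unpack_if_verified FILE EXPECTED_HEX DESTDIR
# Extracts only after verification succeeds; DESTDIR is not created on failure.
unpack_if_verified() {
    verify_tarball "$1" "$2" || return $?
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Demo on a constructed file (not a real release): pin, tamper, re-check.
demo=$(mktemp); printf 'constructed sample\n' > "$demo"
pinned=$(sha256_of "$demo")
printf 'x' >> "$demo"
verify_tarball "$demo" "$pinned" || echo "refusing to build"
rm -f "$demo"
```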