Vulnerability Development mailing list archives
Re: ssh trojaned
From: Dan Cuthbert <dcuthbert () idsec co uk>
Date: Fri, 2 Aug 2002 11:20:10 +0100
since OpenSSH sits on the OpenBSD server, has anyone else checked the sigs of any of the obsd stuff? * Ron DuFresne (dufresne () winternet com) tapped away like a .......:
Your safest bet is going to be to get new clean source, it's supposed to have been updated today and recompile and push it out. The trojaned code is supposed to have hit the openssh site withn the last 2-3 days, limiting the exposure to only those that in that time frame scarfed up the trojaned code. Analysis of the trojaned codes seems to indicate this nasty runs in the background all the while the trojaned sshd is up, so, I would get new source and recompile and push. Far better to be safe than sorry. Thanks, Ron Dufresne On Thu, 1 Aug 2002, Steve Wright wrote:Hello, I'm no programmer so I'm hoping someone can confirm this for me.. I am correct in thinking the trojan currently in OpenSSH portable 3.4p1 only runs during compilation ? ie a copy of ssh compiled using this source will not have anything nasty build into it ? Thanks, Steve.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Current thread:
- ssh trojaned Steve Wright (Aug 01)
- Re: ssh trojaned Ron DuFresne (Aug 02)
- Re: ssh trojaned Dan Cuthbert (Aug 02)
- <Possible follow-ups>
- Re: ssh trojaned Eirik Seim (Aug 02)
- RE: ssh trojaned Fabrizio Siciliano (Aug 02)
- RE: ssh trojaned Rory Savage (Aug 02)
- Re: Re: ssh trojaned wozz (Aug 02)
- RE: Re: ssh trojaned Joe Harrison (Aug 03)
- Re: Re: ssh trojaned Nick Lange (Aug 05)
- Re: ssh trojaned loki_ (Aug 05)
- Re: ssh trojaned Nick Lange (Aug 05)
- Re: ssh trojaned Joakim Andersson (Aug 05)
- Re: ssh trojaned Clemens 'Gullevek' Schwaighofer (Aug 06)
- Re: ssh trojaned Ron DuFresne (Aug 02)