Re: ssh trojaned

[Dan Cuthbert <dcuthbert () idsec co uk>]

since OpenSSH sits on the OpenBSD server, has anyone else checked the sigs of any of the obsd stuff?




* Ron DuFresne (dufresne () winternet com) tapped away like a .......:
> Your safest bet is going to be to get new clean source, it's supposed to
> have been updated today and recompile and push it out.  The trojaned code
> is supposed to have hit the openssh site withn the last 2-3 days, limiting
> the exposure to only those that in that time frame scarfed up the trojaned
> code.  Analysis of the trojaned codes seems to indicate this nasty runs in
> the background all the while the trojaned sshd is up, so, I would get new
> source and recompile and push.  Far better to be safe than sorry.
>
> Thanks,
>
> Ron Dufresne
>
>
> On Thu, 1 Aug 2002, Steve Wright wrote:
>
> > Hello,
> >
> > I'm no programmer so I'm hoping someone can confirm this for me..
> > I am correct in thinking the trojan currently in OpenSSH portable 3.4p1 only
> > runs during compilation ?
> >
> > ie a copy of ssh compiled using this source will not have anything nasty
> > build into it ?
> >
> > Thanks,
> > Steve.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
>       ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D.  Just don't touch anything.