Vulnerability Development mailing list archives

RE: ssh trojaned

From: "Rory Savage" <rsavage () nandomedia com>
Date: Fri, 2 Aug 2002 11:24:49 -0400

The copy I retrieved from openbsd.org was not infected.  Was there site
hacked since
the original release of 3.4p1?  Can anyone explain why the code was tampered
with?

-----Original Message-----
From: Fabrizio Siciliano [mailto:fsiciliano () optiumcorp net]
Sent: Thursday, August 01, 2002 2:22 PM
To: Steve Wright; vuln-dev () securityfocus com
Cc: bugtraq () securityfocus com
Subject: RE: ssh trojaned

The copy over at http:// packetstorm.linuxsecurity.com is not infected.

./fab

-----Original Message-----
From: Steve Wright [mailto:stevew () cwazy co uk]
Sent: Thursday, August 01, 2002 6:49 AM
To: vuln-dev () securityfocus com
Subject: ssh trojaned

Hello,

I'm no programmer so I'm hoping someone can confirm this for
me.. I am correct in thinking the trojan currently in OpenSSH
portable 3.4p1 only
runs during compilation ?

ie a copy of ssh compiled using this source will not have
anything nasty
build into it ?

Thanks,
Steve.

Current thread:

ssh trojaned Steve Wright (Aug 01)
- Re: ssh trojaned Ron DuFresne (Aug 02)
  - Re: ssh trojaned Dan Cuthbert (Aug 02)
- <Possible follow-ups>
- Re: ssh trojaned Eirik Seim (Aug 02)
- RE: ssh trojaned Fabrizio Siciliano (Aug 02)
  - RE: ssh trojaned Rory Savage (Aug 02)
- Re: Re: ssh trojaned wozz (Aug 02)
  - RE: Re: ssh trojaned Joe Harrison (Aug 03)
  - Re: Re: ssh trojaned Nick Lange (Aug 05)
    - Re: ssh trojaned loki_ (Aug 05)
    - Re: ssh trojaned Nick Lange (Aug 05)
    - Re: ssh trojaned Joakim Andersson (Aug 05)
    - Re: ssh trojaned Clemens 'Gullevek' Schwaighofer (Aug 06)
    - Re: ssh trojaned Andreas Krennmair (Aug 06)
    - Re: ssh trojaned Alex Lambert (Aug 06)
    - Message not available
    - Re: ssh trojaned Clemens 'Gullevek' Schwaighofer (Aug 07)

(Thread continues...)