From: Rob Kaper <cap@capsi.com>
To: pvolkerdi@slackware.com
Cc: neil@qualityassistant.com, gentoo-dev@lists.gentoo.org,
kde-cafe@mail.kde.org
Subject: [gentoo-dev] possible trojan in openssh-3.4p1
Date: Thu, 1 Aug 2002 10:37:14 +0200
Message-ID: <20020801103714.A26100@capsi.com>

Pat, Neil, Gentoo devs, KDE friends:

From #kde-freebsd:

<knu> ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz is trojaned
<tap> nothing on google either
<knu> steals /etc/passwd to send to a certain IRC network and removes itself
<Capzilla> knu : says who
<knu> see the code, but never run make
<knu> openbsd-compat/{Makefile.in,bf-test.c}

Looks like some weird stuff is in there indeed.

md5sum of the binary that appears to be trojaned:

3ac9bc346d736b4a51d676faa2a08a57 openssh-3.4p1.tar.gz

As far as I can see, compiled binaries are *not* affected, but you might
want to carefully examine this more closely (I'm waiting with upgradepkg and
emerge on my systems until there's some more info). We've had a few hoaxes
recently, but this looks suspicious.

My apologies if this is just a storm in a glass of water.

Rob
--
Rob Kaper | Gimme some love, gimme some skin,
cap@capsi.com | if we ain't got that then we ain't got much
www.capsi.com | and we ain't got nothing, nothing! -- "Nothing" by A
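
Added example, not part of the original message or of OpenSSH: one way to triage a downloaded tarball against the details reported above without unpacking it or running make. The function names and the stand-in tarball are constructed for illustration; only the MD5 value and the two file paths come from the message.

```python
import hashlib
import io
import tarfile

# MD5 quoted in the message above for the suspect tarball.
REPORTED_MD5 = "3ac9bc346d736b4a51d676faa2a08a57"
# Paths named in the IRC excerpt, relative to the top-level source directory.
NAMED_PATHS = ("openbsd-compat/Makefile.in", "openbsd-compat/bf-test.c")


def md5_of(path, chunk=1 << 16):
    """Stream the file through MD5 so a large tarball is not read in one go."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(path):
    """Hash the tarball and list the named members; nothing is unpacked or run."""
    md5 = md5_of(path)
    report = {"md5": md5, "matches_reported": md5 == REPORTED_MD5, "to_review": []}
    with tarfile.open(path, "r:*") as tar:
        for member in tar:  # walks the archive without writing any file
            # Drop the top-level directory (e.g. openssh-3.4p1/) before comparing.
            rel = member.name.split("/", 1)[-1]
            if member.isfile() and rel in NAMED_PATHS:
                report["to_review"].append(member.name)
    return report


def read_member(path, name, limit=200_000):
    """Return a member's bytes for reading in an editor; it is never executed."""
    with tarfile.open(path, "r:*") as tar:
        fh = tar.extractfile(name)
        return fh.read(limit) if fh else b""


def make_constructed_tarball(path):
    """Write a tiny stand-in tarball (constructed sample, not the real file)."""
    files = {
        "openssh-3.4p1/README": b"constructed sample\n",
        "openssh-3.4p1/openbsd-compat/bf-test.c": b"/* constructed placeholder */\n",
    }
    with tarfile.open(path, "w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
```

A hash mismatch only shows that the file is not the one reported here; the members listed in `to_review` still need to be read by hand.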