From: Eric Noack <eric.noack@gmx.de>
To: gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] possible trojan in openssh-3.4p1
Date: Thu, 1 Aug 2002 12:10:11 +0200 [thread overview]
Message-ID: <20020801121011.198cfa7f.eric.noack@gmx.de> (raw)
In-Reply-To: <1028193533.12255.17.camel@uranus.u235.eyep.net>
Am 01 Aug 2002 12:18:53 +0300
schrieb Vitaly Kushneriuk <vitaly_kushneriuk@yahoo.com>:
> It's indeed looks like a trojan. It doesn't send you'r etc/passwd tho.
> It connects to the 203.62.158.32[web.snsonline.net.] port 6667[irc]
> and opens shell session on that connection, so that whoever is in
> control there will be able to execute arbitraty commands on your system
> with you'r current privileges. especialy dangerouus if you compile as
> root.
im not so big into the code, but the file @ ibiblio.org seems to be ok
ftp://ibiblio.org/pub/Linux/distributions/gentoo/distfiles/openssh-3.4p1.tar.gz
-rw-r--r-- 1 raven users 837668 08-01 12:06
openssh-3.4p1.tar.gz.ibiblio.org
-rw-r--r-- 1 raven users 840574 08-01 11:46 openssh-3.4p1.tar.gz.dangerous_from.ftp.openbsd.org
-rw-r--r-- 1 root root 837668 08-01 11:35
openssh-3.4p1.tar.gz.ok
see the different sizes? interesting. that says enough.
however the file mentionen (openbsd-compat/bf-test.c) doesnt exist in the ibiblio version
so i hope this one is clean.
such thing must never happen!
Corvus Corax
next prev parent reply other threads:[~2002-08-01 10:10 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-08-01 8:37 [gentoo-dev] possible trojan in openssh-3.4p1 Rob Kaper
2002-08-01 8:46 ` Rob Kaper
2002-08-01 9:18 ` Vitaly Kushneriuk
2002-08-01 10:10 ` Eric Noack [this message]
2002-08-01 10:34 ` Terje Kvernes
2002-08-01 10:47 ` Rob Kaper
2002-08-01 10:56 ` Terje Kvernes
[not found] ` <200208011505.42361.bastiaf@gmx.de>
2002-08-01 13:35 ` Terje Kvernes
2002-08-01 13:39 ` Rob Kaper
2002-08-01 21:17 ` Spider
2002-08-02 7:36 ` Johannes Findeisen
2002-08-02 12:18 ` [gentoo-dev] " A.Waschbuesch
2002-08-02 12:02 ` Johannes Findeisen
2002-08-03 10:40 ` [gentoo-dev] " A.Waschbuesch
2002-08-03 16:09 ` [gentoo-dev] " Jean-Michel Smith
2002-08-03 17:19 ` [gentoo-dev] " A.Waschbuesch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020801121011.198cfa7f.eric.noack@gmx.de \
--to=eric.noack@gmx.de \
--cc=gentoo-dev@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox