From: Christoph Wegener
To: freebsd-security@freebsd.org
Date: Thu, 01 Aug 2002 11:20:21 +0200
Subject: Re: openssh trojan (alert)

Hi everybody,

I just double-checked it: YES, the openssh-3.4p1.tar.gz on ftp.openbsd.org is TROJANED!!!

I downloaded our versions here just after they were released by the OpenSSH team; these ones seem to be clean.

BUT: The version which is actually available on ftp.openbsd.org is NOT clean!

Or did I make a mistake in my analysis?!?

So is this the time to say goodbye to OpenSSH?!? ;))

Christoph

--
   .-.                         Ruhr-Universitaet Bochum
   /v\    L I N U X            Lehrstuhl fuer Biophysik
  // \\  >Penguin Computing<   c/o Christoph Wegener
 /(   )\                       Gebaeude ND 04/Nord
  ^^-^^                        D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754
Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de
http://www.bph.ruhr-uni-bochum.de