Date: Thu, 1 Aug 2002 13:07:51 +0200 (MET DST) From: Mario Pranjic <mario.pranjic@irb.hr> To: Christoph Wegener <cwe@bph.ruhr-uni-bochum.de> Cc: Shunichi Konno <konno@hal.rcast.u-tokyo.ac.jp>, Mario Pranjic <mario.pranjic@irb.hr>, <freebsd-security@FreeBSD.ORG> Subject: Re: openssh-3.4p1.tar.gz trojaned Message-ID: <Pine.GSO.4.32.0208011259550.26397-100000@nippur.irb.hr> In-Reply-To: <U73JDVU9YX4WC09FDMIQMUR05DBLI.3d4913b2@gonzo>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 1 Aug 2002, Christoph Wegener wrote: > Date: Thu, 01 Aug 2002 12:55:46 +0200 > From: Christoph Wegener <cwe@bph.ruhr-uni-bochum.de> > To: Shunichi Konno <konno@hal.rcast.u-tokyo.ac.jp>, > Mario Pranjic <mario.pranjic@irb.hr> > Cc: freebsd-security@FreeBSD.ORG > Subject: Re: openssh-3.4p1.tar.gz trojaned > > Hi, > but be careful: you have to check it with the original tgz-file, cause the shellscript removes its existence itself from the archive once you > have installed. So taking your tree and making a tgz is NO solution to test... tar tzf openssh-3.4.tgz | less In my distfiles, I find no sign of bf-test.c. When i did: make fetch; make checksum in openssh ports dir I got the checksum mismatch and I found the bf-test.c: ssh/ssh-keygen/bf-test.c My old md5 (from which openssh ports is compiled: MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2 New (just downloaded) openssh source: MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a This one DOES contain bf-test.c file. Any ideas what is going on? Mario Pranjic, dipl.ing. sistem administrator Knjiznica, Institut Rudjer Boskovic ------------------------------------- e-mail: mario.pranjic@irb.hr ICQ: 72059629 tel: +385 1 45 60 954 (interni: 1293) ------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.32.0208011259550.26397-100000>