From owner-freebsd-security  Thu Aug  1  4:11:48 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AF30137B400
	for <freebsd-security@FreeBSD.ORG>; Thu,  1 Aug 2002 04:11:43 -0700 (PDT)
Received: from nippur.irb.hr (nippur.irb.hr [161.53.128.127])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7C00E43E5E
	for <freebsd-security@FreeBSD.ORG>; Thu,  1 Aug 2002 04:11:42 -0700 (PDT)
	(envelope-from mario.pranjic@irb.hr)
Received: from localhost (keeper@localhost)
	by nippur.irb.hr (8.9.3/8.9.3) with ESMTP id NAA26546;
	Thu, 1 Aug 2002 13:07:51 +0200 (MET DST)
Date: Thu, 1 Aug 2002 13:07:51 +0200 (MET DST)
From: Mario Pranjic <mario.pranjic@irb.hr>
To: Christoph Wegener <cwe@bph.ruhr-uni-bochum.de>
Cc: Shunichi Konno <konno@hal.rcast.u-tokyo.ac.jp>,
	Mario Pranjic <mario.pranjic@irb.hr>, <freebsd-security@FreeBSD.ORG>
Subject: Re: openssh-3.4p1.tar.gz trojaned
In-Reply-To: <U73JDVU9YX4WC09FDMIQMUR05DBLI.3d4913b2@gonzo>
Message-ID: <Pine.GSO.4.32.0208011259550.26397-100000@nippur.irb.hr>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, 1 Aug 2002, Christoph Wegener wrote:

> Date: Thu, 01 Aug 2002 12:55:46 +0200
> From: Christoph Wegener <cwe@bph.ruhr-uni-bochum.de>
> To: Shunichi Konno <konno@hal.rcast.u-tokyo.ac.jp>,
>      Mario Pranjic <mario.pranjic@irb.hr>
> Cc: freebsd-security@FreeBSD.ORG
> Subject: Re: openssh-3.4p1.tar.gz trojaned
>
> Hi,
> but be careful: you have to check it with the original tgz-file, cause the shellscript removes its existence itself from the archive once you
> have installed. So taking your tree and making a tgz is NO solution to test...

tar tzf openssh-3.4.tgz | less

In my distfiles, I find no sign of bf-test.c.

When i did:
make fetch; make checksum in openssh ports dir I got the checksum
mismatch and I found the bf-test.c:
ssh/ssh-keygen/bf-test.c

My old md5 (from which openssh ports is compiled:
MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2

New (just downloaded) openssh source:
MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a

This one DOES contain bf-test.c file.

Any ideas what is going on?


Mario Pranjic, dipl.ing.
sistem administrator
Knjiznica, Institut Rudjer Boskovic
-------------------------------------
e-mail: mario.pranjic@irb.hr
ICQ: 72059629
tel: +385 1 45 60 954 (interni: 1293)
-------------------------------------




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message