Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 01 Aug 2002 13:34:51 +0200
From:      Christoph Wegener <cwe@bph.ruhr-uni-bochum.de>
To:        Mario Pranjic <mario.pranjic@irb.hr>
Cc:        Shunichi Konno <konno@hal.rcast.u-tokyo.ac.jp>, Mario Pranjic <mario.pranjic@irb.hr>, freebsd-security@FreeBSD.ORG
Subject:   Re: openssh-3.4p1.tar.gz trojaned
Message-ID:  <1TZW96USXWA5PMB982KGRN1VVT72RNOL.3d491cdb@gonzo>
In-Reply-To: <Pine.GSO.4.32.0208011259550.26397-100000@nippur.irb.hr>
next in thread | previous in thread | raw e-mail | index | archive | help 

Hi,
well as I mentioned in one of my earlier mails, the tarball on the openbsd repositories are exchanged and infected with a trojan. So it is clear 
that the version you just downloaded is infected...

Christoph

1.8.2002 13:07:51, Mario Pranjic <mario.pranjic@irb.hr> wrote:

>On Thu, 1 Aug 2002, Christoph Wegener wrote:
>
>> Date: Thu, 01 Aug 2002 12:55:46 +0200
>> From: Christoph Wegener <cwe@bph.ruhr-uni-bochum.de>
>> To: Shunichi Konno <konno@hal.rcast.u-tokyo.ac.jp>,
>>      Mario Pranjic <mario.pranjic@irb.hr>
>> Cc: freebsd-security@FreeBSD.ORG
>> Subject: Re: openssh-3.4p1.tar.gz trojaned
>>
>> Hi,
>> but be careful: you have to check it with the original tgz-file, cause the shellscript removes its existence itself from the archive once you
>> have installed. So taking your tree and making a tgz is NO solution to test...
>
>tar tzf openssh-3.4.tgz | less
>
>In my distfiles, I find no sign of bf-test.c.
>
>When i did:
>make fetch; make checksum in openssh ports dir I got the checksum
>mismatch and I found the bf-test.c:
>ssh/ssh-keygen/bf-test.c
>
>My old md5 (from which openssh ports is compiled:
>MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
>
>New (just downloaded) openssh source:
>MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a
>
>This one DOES contain bf-test.c file.
>
>Any ideas what is going on?
>
>
>Mario Pranjic, dipl.ing.
>sistem administrator
>Knjiznica, Institut Rudjer Boskovic
>-------------------------------------
>e-mail: mario.pranjic@irb.hr
>ICQ: 72059629
>tel: +385 1 45 60 954 (interni: 1293)
>-------------------------------------
>
>
>
>

--
    .-.                             Ruhr-Universitaet Bochum
    /v\    L   I   N   U   X        Lehrstuhl fuer Biophysik
   // \\  >Penguin Computing<       c/o Christoph Wegener
  /(   )\                           Gebaeude ND 04/Nord
   ^^-^^                            D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754             Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de   http://www.bph.ruhr-uni-bochum.de





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1TZW96USXWA5PMB982KGRN1VVT72RNOL.3d491cdb>