From: Christoph Wegener
To: Mario Pranjic
Cc: Shunichi Konno, Mario Pranjic, freebsd-security@FreeBSD.ORG
Date: Thu, 01 Aug 2002 13:34:51 +0200
Subject: Re: openssh-3.4p1.tar.gz trojaned

Hi,

well, as I mentioned in one of my earlier mails, the tarball on the OpenBSD repositories has been exchanged and infected with a trojan. So it is clear that the version you just downloaded is infected...

Christoph

1.8.2002 13:07:51, Mario Pranjic wrote:

>On Thu, 1 Aug 2002, Christoph Wegener wrote:
>
>> Date: Thu, 01 Aug 2002 12:55:46 +0200
>> From: Christoph Wegener
>> To: Shunichi Konno,
>>     Mario Pranjic
>> Cc: freebsd-security@FreeBSD.ORG
>> Subject: Re: openssh-3.4p1.tar.gz trojaned
>>
>> Hi,
>> but be careful: you have to check it with the original tgz file, because the shell script removes itself from the archive once you have installed. So taking your tree and making a tgz is NO solution to test...
>
>tar tzf openssh-3.4.tgz | less
>
>In my distfiles, I find no sign of bf-test.c.
>
>When I did:
>make fetch; make checksum in the openssh ports dir, I got the checksum
>mismatch and I found the bf-test.c:
>ssh/ssh-keygen/bf-test.c
>
>My old md5 (from which the openssh port is compiled):
>MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
>
>New (just downloaded) openssh source:
>MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a
>
>This one DOES contain the bf-test.c file.
>
>Any ideas what is going on?
>
>
>Mario Pranjic, dipl.ing.
>sistem administrator
>Knjiznica, Institut Rudjer Boskovic
>-------------------------------------
>e-mail: mario.pranjic@irb.hr
>ICQ: 72059629
>tel: +385 1 45 60 954 (interni: 1293)
>-------------------------------------
>

--
  .-.                        Ruhr-Universitaet Bochum
  /v\     L I N U X          Lehrstuhl fuer Biophysik
 // \\  >Penguin Computing<  c/o Christoph Wegener
/(   )\                      Gebaeude ND 04/Nord
 ^^-^^                       D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754
Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de
http://www.bph.ruhr-uni-bochum.de
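
The check described in this thread, as an added example that is not part of the original mails: audit the original archive bytes (not a tree re-packed after a build) by comparing the MD5 with the recorded one and listing members without extracting anything. The function names and the two sample archives are assumptions constructed for illustration; the sample files hold placeholder text only.

```python
import hashlib
import io
import tarfile

def md5_hex(data: bytes) -> str:
    # MD5 is the digest the ports checksum in this thread reports.
    return hashlib.md5(data).hexdigest()

def audit_tarball(data, recorded_md5, baseline=(), suspect=("bf-test.c",)):
    """Audit the original archive bytes; nothing is extracted or executed."""
    digest = md5_hex(data)
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        names = tar.getnames()  # same listing as `tar tzf`
    return {
        "md5": digest,
        "md5_ok": digest == recorded_md5.lower(),
        # members carrying a file name reported in the thread
        "suspect": [n for n in names if n.rsplit("/", 1)[-1] in suspect],
        # members absent from the listing of the previously verified archive
        "added": sorted(set(names) - set(baseline)) if baseline else [],
    }

def build_sample(paths):
    """Constructed sample input: a .tgz of placeholder files (assumption)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path in paths:
            body = b"/* placeholder */\n"
            info = tarfile.TarInfo(path)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

# Constructed member listing standing in for the old, verified distfile.
OLD_LISTING = ["ssh/Makefile", "ssh/ssh-keygen/ssh-keygen.c"]

if __name__ == "__main__":
    old = build_sample(OLD_LISTING)
    new = build_sample(OLD_LISTING + ["ssh/ssh-keygen/bf-test.c"])
    recorded = md5_hex(old)  # stands in for the MD5 recorded with the port
    for label, blob in (("old distfile", old), ("re-fetched", new)):
        print(label, audit_tarball(blob, recorded, baseline=OLD_LISTING))
```

For a real distfile, pass the bytes read from the downloaded file and the MD5 your ports tree recorded for it.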