From owner-freebsd-security  Thu Aug  1  5:23:47 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EE91B37B481
	for <freebsd-security@FreeBSD.ORG>; Thu,  1 Aug 2002 05:23:21 -0700 (PDT)
Received: from yoda.bph.ruhr-uni-bochum.de (yoda.bph.ruhr-uni-bochum.de [134.147.196.7])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 86E1043E42
	for <freebsd-security@FreeBSD.ORG>; Thu,  1 Aug 2002 05:23:20 -0700 (PDT)
	(envelope-from cwe@bph.ruhr-uni-bochum.de)
Received: from gonzo (gonzo [134.147.196.22])
	by yoda.bph.ruhr-uni-bochum.de (8.8.8/8.8.8) with SMTP id OAA01977;
	Thu, 1 Aug 2002 14:23:15 +0200
From: Christoph Wegener <cwe@bph.ruhr-uni-bochum.de>
To: Mario Pranjic <mario.pranjic@irb.hr>
Cc: freebsd-security@FreeBSD.ORG
Date: Thu, 01 Aug 2002 14:23:14 +0200
X-Priority: 3 (Normal)
Organization: Lehrstuhl fuer Biophysik - Ruhr-Universitaet Bochum 
In-Reply-To: <Pine.GSO.4.32.0208011335560.26397-100000@nippur.irb.hr>
Message-Id: <V832ZC7PYXVTB61W2X543MH96WS4W.3d492832@gonzo>
Subject: Re: openssh-3.4p1.tar.gz trojaned
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
X-Mailer: Opera 6.04 build 1135
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi again,
yes you are right: I agree that the version on the ftp-server must have been changed during the last 24 hours - so you _might_ be safe... 
But who can guaranty that... :(( AFAIK: if you don not have the trojan in the origin tarball this is a good indicator for being safe...

Just my 2 cents...cheers
Christoph

1.8.2002 13:40:56, Mario Pranjic <mario.pranjic@irb.hr> wrote:

>Of course. I understand that.
>
>But, I wanted your opinion about the openssh that installed yesterday (or
>the day before, not so sure right now).
>
>It has the right md5 checksum and no trojan file in tarball.
>
>If I got it right, openssh source tarball has changed in past 24 hourhs on
>ftp.openbsd.org and that one is infected.
>
>If so, I installed the clean version before the one with trojan was put on
>ftp server.
>
>We'll see what will the maintainer say about it (dinoex@FreeBSD.org).
--
    .-.                             Ruhr-Universitaet Bochum
    /v\    L   I   N   U   X        Lehrstuhl fuer Biophysik
   // \\  >Penguin Computing<       c/o Christoph Wegener
  /(   )\                           Gebaeude ND 04/Nord
   ^^-^^                            D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754             Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de   http://www.bph.ruhr-uni-bochum.de





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message