Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 01 Aug 2002 09:23:50 -0600
From:      chad <chad@evolvs.com>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: openssh-3.4p1.tar.gz trojaned
Message-ID:  <41JEYTHBOJMJA6RPKI73QOYTS62HCC7.3d495286@quaker>
In-Reply-To: <20020801201132.98EF.KONNO@hal.rcast.u-tokyo.ac.jp>
next in thread | previous in thread | raw e-mail | index | archive | help 

I just upgraded my OpenBSD 3.0 machine to OpenSSH 3.4 last night.
I downloaded openssh-3.4.tgz ( notice not p1 ).  The MD5 I got was

  MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a

And look :

  [root@superfrink /root/upgrades]# tar -tzf openssh-3.4.tgz | grep bf
  ssh/ssh-keygen/bf-test.c

And then:

  [root@superfrink /root/upgrades]# head -5 ssh/ssh-keygen/bf-test.c 
  /*
   * Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems.
   * Perform routine compatability checks.
   */
  #include <stdio.h>

So I guess It's not just openssh-3.4p1.tar.gz that is trojaned.

/Chad


8/1/2002 5:19:52 AM, Shunichi Konno <konno@hal.rcast.u-tokyo.ac.jp> wrote:

>Hello.
>
>Thank you for your comment, but there was no such a problem. :)
>I checked it trojaned or not after I extracted openssh-3.4.tgz.
>
>And I know too, that "bf-test.out" which is the shell script made
>by bf-test.c, will change Makefile and Makefile.in, and remove
>bftest* like this:
>
>   grep -v -i bf-test Makefile.in > m.out ; cp m.out Makefile.in ; rm -f m.out
>   grep -v -i bf-test Makefile > m.out ; cp m.out Makefile ; rm -f m.out
>   rm -f bf-test*
>
>
>On Thu, 01 Aug 2002 12:55:46 +0200
>Christoph Wegener <cwe@bph.ruhr-uni-bochum.de> wrote:
>CW> but be careful: you have to check it with the original tgz-file, cause the shellscript removes its existence itself 
from the archive once you 
>CW> have installed. So taking your tree and making a tgz is NO solution to test...
>
>
>
>----------
>KONNO Shunichi <konno@hal.rcast.u-tokyo.ac.jp>




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41JEYTHBOJMJA6RPKI73QOYTS62HCC7.3d495286>