From: chad
To: freebsd-security@FreeBSD.ORG
Date: Thu, 01 Aug 2002 09:23:50 -0600
Reply-To: chad@evolvs.com
Subject: Re: openssh-3.4p1.tar.gz trojaned

I just upgraded my OpenBSD 3.0 machine to OpenSSH 3.4 last night. I
downloaded openssh-3.4.tgz (notice not p1). The MD5 I got was

MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a

And look:

[root@superfrink /root/upgrades]# tar -tzf openssh-3.4.tgz | grep bf
ssh/ssh-keygen/bf-test.c

And then:

[root@superfrink /root/upgrades]# head -5 ssh/ssh-keygen/bf-test.c
/*
 * Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems.
 * Perform routine compatability checks.
 */
#include

So I guess it's not just openssh-3.4p1.tar.gz that is trojaned.

/Chad

8/1/2002 5:19:52 AM, Shunichi Konno wrote:

>Hello.
>
>Thank you for your comment, but there was no such a problem. :)
>I checked it trojaned or not after I extracted openssh-3.4.tgz.
>
>And I know too, that "bf-test.out" which is the shell script made
>by bf-test.c, will change Makefile and Makefile.in, and remove
>bftest* like this:
>
>  grep -v -i bf-test Makefile.in > m.out ; cp m.out Makefile.in ; rm -f m.out
>  grep -v -i bf-test Makefile > m.out ; cp m.out Makefile ; rm -f m.out
>  rm -f bf-test*
>
>
>On Thu, 01 Aug 2002 12:55:46 +0200
>Christoph Wegener wrote:
>CW> but be careful: you have to check it with the original tgz-file, cause the shellscript removes its existence itself from the archive once you
>CW> have installed. So taking your tree and making a tgz is NO solution to test...
>
>
>
>----------
>KONNO Shunichi
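
Added example, not part of the original message and not OpenSSH project code: because the cleanup commands quoted above erase bf-test from an unpacked and built tree, this sketch checks the original downloaded archive in place, without extracting or running anything. The function names are hypothetical, the Makefile scan assumes the build hook appears as a bf-test line in Makefile or Makefile.in, and any expected digest is assumed to come from a source other than the download server.

```python
import hashlib
import io
import re
import sys
import tarfile

SUSPECT = re.compile(r"bf-test", re.IGNORECASE)  # file name reported in the thread


def file_digest(path, algorithm="md5"):
    """Hash the archive as downloaded (the thread quotes MD5)."""
    with open(path, "rb") as fh:
        return hashlib.new(algorithm, fh.read()).hexdigest()


def inspect_tarball(path, expected_digest=None, algorithm="md5"):
    """Read the original archive without extracting or running anything."""
    report = {"digest": file_digest(path, algorithm), "digest_ok": None,
              "suspect_members": [], "makefile_refs": []}
    if expected_digest is not None:  # value obtained from a trusted channel
        report["digest_ok"] = report["digest"] == expected_digest.lower()
    with tarfile.open(path, "r:*") as tar:
        for member in tar:
            if SUSPECT.search(member.name):
                report["suspect_members"].append(member.name)
            base = member.name.rsplit("/", 1)[-1]
            # Assumption: the build hook shows up as a bf-test line in these files.
            if member.isfile() and base in ("Makefile", "Makefile.in"):
                text = tar.extractfile(member).read().decode("latin-1")
                for n, line in enumerate(text.splitlines(), 1):
                    if SUSPECT.search(line):
                        report["makefile_refs"].append((member.name, n, line.strip()))
    report["clean"] = not (report["suspect_members"] or report["makefile_refs"]
                           or report["digest_ok"] is False)
    return report


def build_sample(path, files):
    """Write a constructed .tgz from {member name: bytes} for testing."""
    with tarfile.open(path, "w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))


if __name__ == "__main__":
    print(inspect_tarball(*sys.argv[1:3]))  # args: ARCHIVE [EXPECTED_DIGEST]
```

A report with "clean" set to True only means none of these specific markers were found; a digest that matches a value published through a separate trusted channel is the stronger check.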