Date: Thu, 1 Aug 2002 17:31:26 +0200 From: Udo Schweigert <udo.schweigert@siemens.com> To: chad <chad@evolvs.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: openssh-3.4p1.tar.gz trojaned Message-ID: <20020801153126.GA2245@alaska.cert.siemens.de> In-Reply-To: <41JEYTHBOJMJA6RPKI73QOYTS62HCC7.3d495286@quaker> References: <20020801201132.98EF.KONNO@hal.rcast.u-tokyo.ac.jp> <41JEYTHBOJMJA6RPKI73QOYTS62HCC7.3d495286@quaker>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 01, 2002 at 09:23:50 -0600, chad wrote: > I just upgraded my OpenBSD 3.0 machine to OpenSSH 3.4 last night. > I downloaded openssh-3.4.tgz ( notice not p1 ). The MD5 I got was > > MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a > > And look : > > [root@superfrink /root/upgrades]# tar -tzf openssh-3.4.tgz | grep bf > ssh/ssh-keygen/bf-test.c > > And then: > > [root@superfrink /root/upgrades]# head -5 ssh/ssh-keygen/bf-test.c > /* > * Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems. > * Perform routine compatability checks. > */ ##include <stdio.h> > > So I guess It's not just openssh-3.4p1.tar.gz that is trojaned. > The following changes occured to ftp.openssh.com: Old size -> new size name 398595 -> 401466 openssh-3.4.tgz 822567 -> 825630 portable/openssh-3.2.2p1.tar.gz 837668 -> 840574 portable/openssh-3.4p1.tar.gz So the portable versions 3.4 and 3.2.2 as well as the "native" 3.4 were affected. Meanwhile all 3 have been replaced by the original versions. Best regards -- Udo Schweigert, Siemens AG | Voice : +49 89 636 42170 CT IC CERT, Siemens CERT | Fax : +49 89 636 41166 D-81730 Muenchen / Germany | email : udo.schweigert@siemens.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020801153126.GA2245>