Date: Thu, 1 Aug 2002 17:31:26 +0200
From: Udo Schweigert
To: chad
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: openssh-3.4p1.tar.gz trojaned
Message-ID: <20020801153126.GA2245@alaska.cert.siemens.de>
In-Reply-To: <41JEYTHBOJMJA6RPKI73QOYTS62HCC7.3d495286@quaker>

On Thu, Aug 01, 2002 at 09:23:50 -0600, chad wrote:
> I just upgraded my OpenBSD 3.0 machine to OpenSSH 3.4 last night.
> I downloaded openssh-3.4.tgz ( notice not p1 ). The MD5 I got was
>
> MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a
>
> And look :
>
> [root@superfrink /root/upgrades]# tar -tzf openssh-3.4.tgz | grep bf
> ssh/ssh-keygen/bf-test.c
>
> And then:
>
> [root@superfrink /root/upgrades]# head -5 ssh/ssh-keygen/bf-test.c
> /*
> * Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems.
> * Perform routine compatability checks.
> */
> ##include
>
> So I guess it's not just openssh-3.4p1.tar.gz that is trojaned.
>

The following changes occurred to ftp.openssh.com:

Old size -> new size   name
  398595 -> 401466     openssh-3.4.tgz
  822567 -> 825630     portable/openssh-3.2.2p1.tar.gz
  837668 -> 840574     portable/openssh-3.4p1.tar.gz

So the portable versions 3.4 and 3.2.2 as well as the "native" 3.4 were
affected. Meanwhile all 3 have been replaced by the original versions.

Best regards
--
Udo Schweigert, Siemens AG   | Voice : +49 89 636 42170
CT IC CERT, Siemens CERT     | Fax   : +49 89 636 41166
D-81730 Muenchen / Germany   | email : udo.schweigert@siemens.com
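
Added example, not part of the original message: a shell triage for local copies of the three files named above, combining the old and new sizes from the table with the bf-test.c member chad found via tar -tzf. The function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. Sizes are taken from the table in the message above;
# function names (classify_size, has_bf_test, triage) are hypothetical.

# classify_size NAME SIZE -> prints original | modified | unknown
classify_size() {
    case "$1:$2" in
        openssh-3.4.tgz:398595|openssh-3.2.2p1.tar.gz:822567|openssh-3.4p1.tar.gz:837668)
            echo original ;;
        openssh-3.4.tgz:401466|openssh-3.2.2p1.tar.gz:825630|openssh-3.4p1.tar.gz:840574)
            echo modified ;;
        *)
            echo unknown ;;
    esac
}

# has_bf_test TARBALL -> exit status 0 if any archive member is named bf-test.c
has_bf_test() {
    tar -tzf "$1" 2>/dev/null | grep -Eq '(^|/)bf-test\.c$'
}

# triage TARBALL -> prints "<name> size=<class> bf-test.c=<yes|no>"
triage() {
    name=$(basename "$1")
    size=$(wc -c < "$1" | tr -d ' ')
    if has_bf_test "$1"; then bf=yes; else bf=no; fi
    echo "$name size=$(classify_size "$name" "$size") bf-test.c=$bf"
}

# Triage every tarball given on the command line.
for f in "$@"; do
    if [ -f "$f" ]; then
        triage "$f"
    fi
done
```

A size of "original" only means the byte count matches the table; it is a quick filter, and a copy should still be checked against a checksum or signature obtained from a trusted source.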