From owner-freebsd-security Thu Aug 1 16:58:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 97D7537B400 for ; Thu, 1 Aug 2002 16:58:16 -0700 (PDT) Received: from goofy.epylon.com (ip216-203-220-162.z220-203-216.customer.algx.net [216.203.220.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id D2E5C43E65 for ; Thu, 1 Aug 2002 16:58:15 -0700 (PDT) (envelope-from jdicioccio@epylon.com) Received: by goofy.epylon.lan with Internet Mail Service (5.5.2653.19) id ; Thu, 1 Aug 2002 16:58:15 -0700 Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF649@goofy.epylon.lan> From: "DiCioccio, Jason" To: 'Joshua Lee' , Artur Lindgren Cc: freebsd-security@FreeBSD.ORG Subject: RE: Trojan located in latest openssh tar files Date: Thu, 1 Aug 2002 16:58:14 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Neither -- unless you tell it to ignore the checksum on the port. As far as the source tree, OpenSSH 3.4 was imported a while back, so I don't think the same problem would exist as the trojan seemed to originate yesterday. Cheers, - -JD- - -----Original Message----- From: Joshua Lee [mailto:yid@softhome.net] Sent: Thursday, August 01, 2002 4:38 PM To: Artur Lindgren Cc: freebsd-security@FreeBSD.ORG Subject: Re: Trojan located in latest openssh tar files On Thu, 1 Aug 2002 14:11:24 +0200 Artur Lindgren wrote: > I noticed that openssh-3.4p has a trojan horse (available from > >ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar. > >gz > and some of the mirrors. Is this a problem for someone who makes world with FreeBSD and gets OpenSSH from the source tree or only for people who get OpenSSH via ports? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPUnLOTKUHizV76d/EQLKngCgp0OoF/F0dNTAEDhXr5M5bYoBqXgAn2bX E+OcZTZ+1VGVNUXzKauaKK9k =br5K -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message