From: Rob Andrews
To: freebsd-security@FreeBSD.ORG
Date: Thu, 1 Aug 2002 23:11:53 -0400
Subject: Re: CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution (fwd)
Message-ID: <20020802031153.GB74929@switchblade.cyberpunkz.org>

.- - - - - - Dag-Erling Smorgrav wrote (2002/08/01 at 09:02:48 PM) - - - - - -
|
|> Chris Miller writes:
|> > Are we affected by this? I couldn't find bf-test.c in the openssh
|> > directory in /usr/ports. I'm assuming that since the part of the automagic
|> > process of building the port involves checking the checksum that we are
|> > safe, but I thought it best to ask.
|>
|> We're safe.
|>

Technically, yes provided system maintainers did not install openssh
during the time period the trojaned tarballs were available and didn't
decide to force the software to install on the system when the md5
checksum failed to match.

During the period openssh was trojaned I was doing system upgrades and
rebuilding openssh as well with updated libraries. As a rule I never
force software to install if the md5 checksum fails.. Some people ignore
this and install anyway.

--
Rob Andrews
RELI Networks, Inc.
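
The checksum gate discussed in this message, as an added example (not part of the original post and not the ports framework's own code): it verifies a downloaded distfile against recorded checksums and fails closed on any mismatch or missing record. The BSD-style "ALGO (file) = value" line layout, the SHA256 and SIZE entries, the file names and the sample contents are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# BSD-style checksum line (assumed layout), e.g. "SHA256 (foo.tar.gz) = <hex>"
LINE = re.compile(r"^(MD5|SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")


def parse_distinfo(text):
    """Return {filename: {"MD5": hex, "SHA256": hex, "SIZE": "n"}}."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries.setdefault(m["name"], {})[m[1]] = m["value"].lower()
    return entries


def verify(path, distinfo_text):
    """Fail closed: True only if every recorded value for the file matches."""
    path = Path(path)
    expected = parse_distinfo(distinfo_text).get(path.name)
    if not expected or not ({"MD5", "SHA256"} & expected.keys()):
        return False  # no digest on record: treat as a mismatch, never as a pass
    data = path.read_bytes()
    for kind, value in expected.items():
        actual = str(len(data)) if kind == "SIZE" else hashlib.new(kind.lower(), data).hexdigest()
        if actual != value:
            return False  # one failed check is enough to refuse the build
    return True


def demo():
    """Constructed sample: a clean tarball stand-in, then a tampered copy."""
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "example-1.0.tar.gz"
        f.write_bytes(b"clean release contents\n")
        good = f.read_bytes()
        distinfo = (
            f"MD5 ({f.name}) = {hashlib.md5(good).hexdigest()}\n"
            f"SHA256 ({f.name}) = {hashlib.sha256(good).hexdigest()}\n"
            f"SIZE ({f.name}) = {len(good)}\n"
        )
        clean = verify(f, distinfo)
        f.write_bytes(good + b"extra build-time payload\n")  # simulated tampering
        tampered = verify(f, distinfo)
        unlisted = verify(Path(d) / "other.tar.gz", distinfo)
    return clean, tampered, unlisted
```

The recorded checksums only help if they were obtained separately from the download itself; a build wrapper should stop when verify() returns False rather than offer an override.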