Date: Thu, 01 Aug 2002 14:23:14 +0200 From: Christoph Wegener <cwe@bph.ruhr-uni-bochum.de> To: Mario Pranjic <mario.pranjic@irb.hr> Cc: freebsd-security@FreeBSD.ORG Subject: Re: openssh-3.4p1.tar.gz trojaned Message-ID: <V832ZC7PYXVTB61W2X543MH96WS4W.3d492832@gonzo> In-Reply-To: <Pine.GSO.4.32.0208011335560.26397-100000@nippur.irb.hr>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi again,
yes you are right: I agree that the version on the ftp-server must have been changed during the last 24 hours - so you _might_ be safe...
But who can guaranty that... :(( AFAIK: if you don not have the trojan in the origin tarball this is a good indicator for being safe...
Just my 2 cents...cheers
Christoph
1.8.2002 13:40:56, Mario Pranjic <mario.pranjic@irb.hr> wrote:
>Of course. I understand that.
>
>But, I wanted your opinion about the openssh that installed yesterday (or
>the day before, not so sure right now).
>
>It has the right md5 checksum and no trojan file in tarball.
>
>If I got it right, openssh source tarball has changed in past 24 hourhs on
>ftp.openbsd.org and that one is infected.
>
>If so, I installed the clean version before the one with trojan was put on
>ftp server.
>
>We'll see what will the maintainer say about it (dinoex@FreeBSD.org).
--
.-. Ruhr-Universitaet Bochum
/v\ L I N U X Lehrstuhl fuer Biophysik
// \\ >Penguin Computing< c/o Christoph Wegener
/( )\ Gebaeude ND 04/Nord
^^-^^ D-44780 Bochum, GERMANY
Tel: +49 (234) 32-25754 Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de http://www.bph.ruhr-uni-bochum.de
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?V832ZC7PYXVTB61W2X543MH96WS4W.3d492832>