Re: openssh-3.4p1.tar.gz trojaned

From: chad (chad@evolvs.com)
Date: 08/01/02 

From: chad <chad@evolvs.com>
To: freebsd-security@FreeBSD.ORG
Date: Thu, 01 Aug 2002 09:23:50 -0600

I just upgraded my OpenBSD 3.0 machine to OpenSSH 3.4 last night.
I downloaded openssh-3.4.tgz ( notice not p1 ). The MD5 I got was

  MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a

And look :

  [root@superfrink /root/upgrades]# tar -tzf openssh-3.4.tgz | grep bf
  ssh/ssh-keygen/bf-test.c

And then:

  [root@superfrink /root/upgrades]# head -5 ssh/ssh-keygen/bf-test.c
  /*
   * Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems.
   * Perform routine compatability checks.
   */
  #include <stdio.h>

So I guess It's not just openssh-3.4p1.tar.gz that is trojaned.

/Chad

8/1/2002 5:19:52 AM, Shunichi Konno <konno@hal.rcast.u-tokyo.ac.jp> wrote:

>Hello.
>
>Thank you for your comment, but there was no such a problem. :)
>I checked it trojaned or not after I extracted openssh-3.4.tgz.
>
>And I know too, that "bf-test.out" which is the shell script made
>by bf-test.c, will change Makefile and Makefile.in, and remove
>bftest* like this:
>
> grep -v -i bf-test Makefile.in > m.out ; cp m.out Makefile.in ; rm -f m.out
> grep -v -i bf-test Makefile > m.out ; cp m.out Makefile ; rm -f m.out
> rm -f bf-test*
>
>
>On Thu, 01 Aug 2002 12:55:46 +0200
>Christoph Wegener <cwe@bph.ruhr-uni-bochum.de> wrote:
>CW> but be careful: you have to check it with the original tgz-file, cause the shellscript removes its existence itself
from the archive once you
>CW> have installed. So taking your tree and making a tgz is NO solution to test...
>
>
>
>----------
>KONNO Shunichi <konno@hal.rcast.u-tokyo.ac.jp>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages