Re: openssh-3.4p1.tar.gz trojaned
From: Udo Schweigert (udo.schweigert@siemens.com)
Date: 08/01/02
- Next message: Holt Grendal: "How was ftp.openbsd.org compromised?"
- Previous message: Niels Provos: "OpenSSH Security Advisory: Trojaned Distribution Files"
- In reply to: chad: "Re: openssh-3.4p1.tar.gz trojaned"
- Next in thread: DiCioccio, Jason: "RE: openssh-3.4p1.tar.gz trojaned"
Date: Thu, 1 Aug 2002 17:31:26 +0200
From: Udo Schweigert <udo.schweigert@siemens.com>
To: chad <chad@evolvs.com>

On Thu, Aug 01, 2002 at 09:23:50 -0600, chad wrote:
> I just upgraded my OpenBSD 3.0 machine to OpenSSH 3.4 last night.
> I downloaded openssh-3.4.tgz ( notice not p1 ). The MD5 I got was
>
> MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a
>
> And look :
>
> [root@superfrink /root/upgrades]# tar -tzf openssh-3.4.tgz | grep bf
> ssh/ssh-keygen/bf-test.c
>
> And then:
>
> [root@superfrink /root/upgrades]# head -5 ssh/ssh-keygen/bf-test.c
> /*
> * Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems.
> * Perform routine compatability checks.
> */
> #include <stdio.h>
>
> So I guess It's not just openssh-3.4p1.tar.gz that is trojaned.
>
The following changes occurred to ftp.openssh.com:

Old size -> new size   name
  398595 -> 401466     openssh-3.4.tgz
  822567 -> 825630     portable/openssh-3.2.2p1.tar.gz
  837668 -> 840574     portable/openssh-3.4p1.tar.gz

So the portable versions 3.4 and 3.2.2 as well as the "native" 3.4 were
affected. Meanwhile all 3 have been replaced by the original versions.

Best regards

--
Udo Schweigert, Siemens AG   | Voice : +49 89 636 42170
CT IC CERT, Siemens CERT     | Fax   : +49 89 636 41166
D-81730 Muenchen / Germany   | email : udo.schweigert@siemens.com
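
The checks used in this thread (a checksum, a size comparison, and listing the archive for files such as bf-test.c) combined into one verifier, as an added example that is not part of the original message. It uses SHA-256 instead of the MD5 shown in the post, and the archives, pins and all file names other than ssh/ssh-keygen/bf-test.c are constructed.

```python
import hashlib
import io
import tarfile


def make_tgz(files):
    """Build a gzip tarball in memory from {name: bytes} (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def verify_release(blob, pinned_size, pinned_sha256, pinned_members):
    """Return a list of findings; an empty list means the archive matches."""
    findings = []
    if len(blob) != pinned_size:
        findings.append(f"size {len(blob)} != pinned {pinned_size}")
    digest = hashlib.sha256(blob).hexdigest()
    if digest != pinned_sha256:
        findings.append(f"sha256 {digest} != pinned {pinned_sha256}")
    # Keep going after a digest failure: the names of added files tell the
    # responder where to look. Only names are read; nothing is extracted.
    try:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
            members = set(tar.getnames())
    except (tarfile.TarError, OSError, EOFError) as exc:
        return findings + [f"unreadable archive: {exc}"]
    findings += [f"unexpected member: {n}" for n in sorted(members - pinned_members)]
    findings += [f"missing member: {n}" for n in sorted(pinned_members - members)]
    return findings


# Constructed stand-ins; only the bf-test.c path is taken from the post.
CLEAN_FILES = {"ssh/Makefile": b"# placeholder\n",
               "ssh/ssh-keygen/ssh-keygen.c": b"/* placeholder */\n"}
GOOD = make_tgz(CLEAN_FILES)
TAMPERED = make_tgz({**CLEAN_FILES, "ssh/ssh-keygen/bf-test.c": bytes(range(256))})
# Assumption: in practice the pins come from a signed announcement or a second
# channel, never from the server that hosts the download.
PINS = (len(GOOD), hashlib.sha256(GOOD).hexdigest(), set(CLEAN_FILES))

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("tampered", TAMPERED)):
        print(label, verify_release(blob, *PINS) or "OK")
```
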