Re: openssh-3.4p1.tar.gz trojaned

From: Udo Schweigert (udo.schweigert@siemens.com)
Date: 08/01/02


Date: Thu, 1 Aug 2002 17:31:26 +0200
From: Udo Schweigert <udo.schweigert@siemens.com>
To: chad <chad@evolvs.com>

On Thu, Aug 01, 2002 at 09:23:50 -0600, chad wrote:
> I just upgraded my OpenBSD 3.0 machine to OpenSSH 3.4 last night.
> I downloaded openssh-3.4.tgz ( notice not p1 ). The MD5 I got was
>
> MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a
>
> And look :
>
> [root@superfrink /root/upgrades]# tar -tzf openssh-3.4.tgz | grep bf
> ssh/ssh-keygen/bf-test.c
>
> And then:
>
> [root@superfrink /root/upgrades]# head -5 ssh/ssh-keygen/bf-test.c
> /*
> * Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems.
> * Perform routine compatability checks.
> */
  ##include <stdio.h>
>
> So I guess It's not just openssh-3.4p1.tar.gz that is trojaned.
>

The following changes occured to ftp.openssh.com:

Old size -> new size name

398595 -> 401466 openssh-3.4.tgz
822567 -> 825630 portable/openssh-3.2.2p1.tar.gz
837668 -> 840574 portable/openssh-3.4p1.tar.gz

So the portable versions 3.4 and 3.2.2 as well as the "native" 3.4 were
affected. Meanwhile all 3 have been replaced by the original versions.

Best regards

--
Udo Schweigert, Siemens AG   | Voice      : +49 89 636 42170
CT IC CERT, Siemens CERT     | Fax        : +49 89 636 41166
D-81730 Muenchen / Germany   | email      : udo.schweigert@siemens.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


Relevant Pages