Re: CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution (fwd)
From: Rob Andrews (rob@cyberpunkz.org)
Date: 08/02/02
- In reply to: Dag-Erling Smorgrav: "Re: CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution (fwd)"
Date: Thu, 1 Aug 2002 23:11:53 -0400
From: Rob Andrews <rob@cyberpunkz.org>
To: freebsd-security@FreeBSD.ORG
.- - - - - - Dag-Erling Smorgrav wrote (2002/08/01 at 09:02:48 PM) - - - - - -
|
|> Chris Miller <ctodd@netgate.net> writes:
|> > Are we affected by this? I couldn't find bf-test.c in the openssh
|> > directory in /usr/ports. I'm assuming that since the part of the automagic
|> > process of building the port involves checking the checksum that we are
|> > safe, but I thought it best to ask.
|>
|> We're safe.
|>
Technically, yes, provided system maintainers did not install openssh during
the time period the trojaned tarballs were available and didn't decide to
force the software to install on the system when the md5 checksum failed
to match.
During the period openssh was trojaned I was doing system upgrades and
rebuilding openssh as well with updated libraries. As a rule I never force
software to install if the md5 checksum fails. Some people ignore this
and install anyway.
-- Rob Andrews RELI Networks, Inc.
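The checksum gate discussed in this thread, as an added example that is not part of the original messages and is not the FreeBSD ports code: it parses BSD-style digest lines and refuses to proceed when a recorded digest is missing or does not match. The function names, the file name and the sample bytes are assumptions made for illustration, and the example goes beyond the MD5 check mentioned above by also accepting SHA256 lines.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# BSD-style digest line (assumed format): "MD5 (name.tar.gz) = <hex>"
LINE_RE = re.compile(r"^(MD5|SHA256) \((.+)\) = ([0-9a-fA-F]+)$")

class ChecksumMismatch(Exception):
    """The distfile must not be unpacked, built or installed."""

def parse_distinfo(text):
    """Return {filename: {algorithm: hexdigest}} from digest lines."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            algo, name, digest = m.groups()
            entries.setdefault(name, {})[algo.lower()] = digest.lower()
    return entries

def verify_distfile(path, distinfo_text):
    """Fail closed: raise unless every recorded digest matches the file."""
    path = Path(path)
    recorded = parse_distinfo(distinfo_text).get(path.name)
    if not recorded:  # a missing entry is a failure, not a pass
        raise ChecksumMismatch(f"no recorded checksum for {path.name}")
    data = path.read_bytes()
    for algo, expected in sorted(recorded.items()):
        actual = hashlib.new(algo, data).hexdigest()
        if not hmac.compare_digest(actual, expected):
            raise ChecksumMismatch(f"{algo} mismatch for {path.name}")
    return sorted(recorded)

if __name__ == "__main__":
    # Constructed sample: stand-in bytes, not a real OpenSSH tarball.
    clean = b"constructed stand-in for a clean distfile"
    name = "example-1.0.tar.gz"
    distinfo = (f"MD5 ({name}) = {hashlib.md5(clean).hexdigest()}\n"
                f"SHA256 ({name}) = {hashlib.sha256(clean).hexdigest()}\n")
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / name
        f.write_bytes(clean)
        print("clean:", verify_distfile(f, distinfo))
        f.write_bytes(clean + b"constructed extra file")  # altered upstream
        try:
            verify_distfile(f, distinfo)
        except ChecksumMismatch as e:
            print("refusing to build:", e)
```

The check only helps if the recorded digests were obtained independently of the download site, and if a mismatch stops the build instead of being overridden.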