| A day after warning of multiple
vulnerabilities in the OpenSSL protocol, the CERT Coordination Center
(CERT/CC) issued an alert that some copies of the source code for the
OpenSSH package contain a Trojan horse.
LWD - I like the smell of that::
Helping to make Technology: Mans Best Friend trojan. OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the OpenBSD ftp
http://www.littlewhitedog.com/modules.php?name=News&file=article&sid=2847HOME |
The security outfit warned that an unknown intruder modified files in the
openssh-3.4p1.tar.gz, openssh-3.4.tgz and openssh-3.2.2p1.tar.gz to include
malicious code and warned that mirrors of the OpenSSH download may be
compromised. The main openBSD mirror was
trojaned.
"We strongly encourage sites which employ, redistribute, or mirror the
OpenSSH package to immediately verify the integrity of their distribution,"
CERT/CC said in the advisory.
Developers on security message
boards say the malicious code does not appear sophisticated but could be
remotely programmed to give intruders root access machines.
Web Hosting - 2007 September 26::
and hit a few threads on the forums, not much there however if not, just drop to a shell and type sudo apt-get install openssh-server
http://www.cheapwebhosting.co.nz/2007/09/26/HOME |
"When building the OpenSSH binaries, the trojan resides in bf-test.c and
causes code to execute which connects to a specified IP address. The
destination port is normally used by the IRC protocol. A connection attempt
is made once an hour. If the connection is successful, arbitrary commands
may be executed," the group warned.
It is the second major bug found in OpenSSH in the last few months. In June,
serious
flaws were found and fixed in versions 2.3.1p1 through 3.3 of the
open-source tool, which is used by developers as a secure alternative to
Telnet Rlogin, Rsh, and FTP.
www.lug.udel.edu/pipermail/linux/2002-August.txt::
Distribution Files OpenSSH Security Advisory (adv.trojan) 1. Systems affected: installed OpenSSH from the OpenBSD ftp server or any mirror within that
http://www.lug.udel.edu/pipermail/linux/2002-August.txtHOME |
lists.community.tummy.com/pipermail/nclug/2003-June.txt::
filesystem clean for tripwire with only the running kernel memory compromised. of mine, also running a left alone Redhat box, was hit with an LKM root kit
http://lists.community.tummy.com/pipermail/nclug/2003-June.txtHOME |
The malicious files appear to have been placed on the FTP server which hosts
ftp.openssh.com and ftp.openbsd.org between July 30 or 31, almost two
full days before the OpenSSH development team could replace the Trojan horse
copies with the original, uncompromised versions. That means the Trojan
horse copy of the source code was available long enough for copies to
propagate to sites that mirror the OpenSSH site, CERT warned.
"The Trojan horse versions of OpenSSH contain malicious code that is run
when the software is compiled. This code connects to a fixed remote server
on 6667/tcp. It can then open a shell running as the user who compiled
OpenSSH," the Center said.
OpenSSH users are urged to go to the primary distribution site for the
software at OpenSSH.com.
 W3C Reformulates XHTML 1.0
 Government Against Full Disclosure of Vulnerabilities |
HOME