| 1 |
Pat, Neil, Gentoo devs, KDE friends: |
| 2 |
|
| 3 |
From #kde-freebsd: |
| 4 |
|
| 5 |
<knu> ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz |
| 6 |
is trojaned |
| 7 |
<tap> nothing on google either |
| 8 |
<knu> steals /etc/passwd to send to a certain IRC network and removes itself |
| 9 |
<Capzilla> knu : says who |
| 10 |
<knu> see the code, but never run make |
| 11 |
<knu> openbsd-compat/{Makefile.in,bf-test.c} |
| 12 |
|
| 13 |
Looks like some weird stuff is in there indeed. |
| 14 |
|
| 15 |
md5sum of the binary that appears to be trojaned: |
| 16 |
|
| 17 |
3ac9bc346d736b4a51d676faa2a08a57 openssh-3.4p1.tar.gz |
| 18 |
|
| 19 |
As far as I can see, compiled binaries are *not* affected, but you might |
| 20 |
want to carefully examin this more closely (I'm waiting with upgradepkg en |
| 21 |
emerge on my systems until there's some more info). We've had a few hoaxes |
| 22 |
recently, but this looks suspicious. Especially Gentoo might be vulnerable |
| 23 |
because source compilation of vanilla packages is its very core feature. |
| 24 |
|
| 25 |
My apologies if this is just a storm in a glass of water. |
| 26 |
|
| 27 |
Rob |
Archives