On 01 Aug 2002 12:18:53 +0300,
Vitaly Kushneriuk <vitaly_kushneriuk@×××××.com> wrote:

> It indeed looks like a trojan. It doesn't send your etc/passwd though.
> It connects to the 203.62.158.32[web.snsonline.net.] port 6667[irc]
> and opens a shell session on that connection, so that whoever is in
> control there will be able to execute arbitrary commands on your system
> with your current privileges. Especially dangerous if you compile as
> root.

I'm not so big into the code, but the file @ ibiblio.org seems to be ok

ftp://ibiblio.org/pub/Linux/distributions/gentoo/distfiles/openssh-3.4p1.tar.gz

-rw-r--r-- 1 raven users 837668 08-01 12:06 openssh-3.4p1.tar.gz.ibiblio.org
-rw-r--r-- 1 raven users 840574 08-01 11:46 openssh-3.4p1.tar.gz.dangerous_from.ftp.openbsd.org
-rw-r--r-- 1 root root 837668 08-01 11:35 openssh-3.4p1.tar.gz.ok

See the different sizes? Interesting. That says enough.

However, the file mentioned (openbsd-compat/bf-test.c) doesn't exist in the ibiblio version,
so I hope this one is clean.

Such a thing must never happen!

Corvus Corax
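
The comparison made in the message above (size first, then whether openbsd-compat/bf-test.c is present), as an added example that is not part of the original post: it diffs a suspect tarball against a reference copy member by member, reading entries in memory without extracting or building anything. The two tarballs are constructed with placeholder contents, and the function names and the openssh-3.4p1/ path prefix are assumptions.

```python
import hashlib
import io
import tarfile


def make_tarball(members):
    """Build a gzip'd tarball in memory from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in sorted(members.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_digests(blob):
    """Map each regular file in the tarball to its SHA-256, never writing to disk."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for info in tar:
            if info.isfile():
                digests[info.name] = hashlib.sha256(tar.extractfile(info).read()).hexdigest()
    return digests


def compare_tarballs(reference, suspect):
    """Report how a suspect tarball differs from a reference copy."""
    ref, sus = member_digests(reference), member_digests(suspect)
    return {
        "size_delta": len(suspect) - len(reference),
        "same_digest": hashlib.sha256(reference).digest() == hashlib.sha256(suspect).digest(),
        "added": sorted(set(sus) - set(ref)),
        "removed": sorted(set(ref) - set(sus)),
        "changed": sorted(n for n in ref.keys() & sus.keys() if ref[n] != sus[n]),
    }


# Constructed stand-ins for the two downloads; paths and contents are placeholders.
BASE = {"openssh-3.4p1/configure": b"#!/bin/sh\n", "openssh-3.4p1/README": b"placeholder\n"}
CLEAN = make_tarball(BASE)
SUSPECT = make_tarball({**BASE, "openssh-3.4p1/openbsd-compat/bf-test.c": b"/* placeholder */\n"})

if __name__ == "__main__":
    for key, value in compare_tarballs(CLEAN, SUSPECT).items():
        print(f"{key}: {value}")
```

The result is only as trustworthy as the reference copy, so it should come from a source independent of the server that delivered the suspect file.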