[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[Fwd: [suse-security-announce] Not affected: openssh trojan from ftp.openbsd.org]

From: "Gerry Doris" <gerry dorfam ca>
To: <redhat-list redhat com>
Subject: [Fwd: [suse-security-announce] Not affected: openssh trojan from ftp.openbsd.org]
Date: Thu Aug 1 11:53:22 2002

Thu Aug  1 14:40:28 MEST 2002


The openssh source tarball openssh-3.4p1.tar.gz from the openbsd ftp
server ftp.openbsd.org has been trojaned with code that opens network
connections to a server in the internet (203.62.158.32:6667) at compile
time. The backdoor does not have any influence on the runtime behaviour
of the package to our current knowlege. As of now, the package on the
openbsd ftp server has not been removed/cleaned.

The SuSE openssh package for SuSE Linux 8.0 has the same version 3.4p1,
but it is built from non-trojaned sources. Therefore, the SuSE openssh
packages are not affected by this backdoor.

We thank our users who have expressed their concerns about the backdoor
when they notified SuSE Security, and to Len Rose from
full-disclosure lists netsys com 

Regards,
Roman Drahtmüller,
SuSE Security.


For those who may not be aware of this...

Gerry

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]