SuSE alert: Not affected: openssh trojan from ftp.openbsd.org

Posted by dave on Aug 1, 2002 4:51 AM EDT
Mailing list

The openssh source tarball openssh-3.4p1.tar.gz from the openbsd ftp server http://ftp.openbsd.org has been trojaned with code that opens network connections to a server in the internet (203.62.158.32:6667) at compile time. The backdoor does not have any influence on the runtime behaviour of the package to our current knowledge. As of now, the package on the openbsd ftp server has not been removed/cleaned.

-----BEGIN PGP SIGNED MESSAGE-----

Thu Aug 1 14:40:28 MEST 2002

The openssh source tarball openssh-3.4p1.tar.gz from the openbsd ftp
server http://ftp.openbsd.org has been trojaned with code that opens network
connections to a server in the internet (203.62.158.32:6667) at compile
time. The backdoor does not have any influence on the runtime behaviour of
the package to our current knowledge. As of now, the package on the openbsd
ftp server has not been removed/cleaned.

The SuSE openssh package for SuSE Linux 8.0 has the same version 3.4p1,
but it is built from non-trojaned sources. Therefore, the SuSE openssh
packages are not affected by this backdoor.

We thank our users who have expressed their concerns about the backdoor
when they notified SuSE Security, and to Len Rose from
full-disclosure@lists.netsys.com.

Regards,
Roman Drahtmüller,
SuSE Security.
- --
 - -
| Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, |
  SuSE Linux AG - Security Phone: // you need vision!"
| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
 - -

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

-----END PGP SIGNATURE-----


This archive was generated by hypermail 2.1.4 : Thu Aug 01 2002 - 14:56:44 CEST
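
Because the advisory says the trojaned tarball connects to 203.62.158.32:6667 at compile time, egress logs can show which hosts built it. The following is an added example, not part of the SuSE advisory: it assumes outbound traffic is logged in netfilter LOG key=value style, and the sample lines and the name find_ioc_hits are constructed for illustration.

```python
import re
from collections import defaultdict

# Indicator taken from the advisory: the compile-time connection target.
IOC_ADDR = "203.62.158.32"
IOC_PORT = 6667

# Assumption: egress is logged in netfilter LOG key=value style.
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines (documentation source addresses, not real traffic).
SAMPLE_LOG = """\
Aug  1 13:02:11 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.62.158.32 LEN=60 PROTO=TCP SPT=33012 DPT=6667 SYN
Aug  1 13:02:14 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.62.158.32 LEN=60 PROTO=TCP SPT=33012 DPT=6667 SYN
Aug  1 13:05:40 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.22 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40100 DPT=6667 SYN
Aug  1 13:09:03 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.31 DST=203.62.158.32 LEN=60 PROTO=TCP SPT=51200 DPT=80 SYN
Aug  1 13:11:55 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.44 DST=203.62.158.32 LEN=76 PROTO=UDP SPT=1027 DPT=6667
truncated line without fields
"""


def find_ioc_hits(log_text, addr=IOC_ADDR, port=IOC_PORT):
    """Return {source_ip: [timestamps]} for TCP connections to addr:port."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Require an exact match on address, port and protocol so that
        # other IRC traffic or other ports on the same host are not flagged.
        if (fields.get("DST") == addr
                and fields.get("DPT") == str(port)
                and fields.get("PROTO") == "TCP"):
            src = fields.get("SRC", "unknown")
            hits[src].append(line[:15])  # syslog timestamp prefix
    return dict(hits)


if __name__ == "__main__":
    for src, times in sorted(find_ioc_hits(SAMPLE_LOG).items()):
        print(f"{src}: {len(times)} attempt(s), first at {times[0]}")
```

A source address that appears here marks a machine where the tarball was compiled, which is the set of hosts to examine further.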
