[Techtalk] Fwd: OpenSSH trojan?

James jas at spamcop.net
Sat Aug 3 09:29:40 EST 2002


On Fri, 2 Aug 2002, Conor Daly wrote:

> Saw this on the ssh mailing list.  Something to watch out for?

It's something to be aware of, especially in other packages. Fortunately, 
all this specific Trojan did was give a root shell to a specific machine 
the perpetrator was using: that machine has now been reinstalled 
(securely!), so nobody can actually USE this Trojan maliciously now.

Apparently this has happened twice before, in similar circumstances (but 
to different servers) - although anyone installing from the FreeBSD 
"ports" tree is safe (it checks MD5 fingerprints against FreeBSD's own 
database, which wasn't compromised) - likewise Gentoo's "portage", 
apparently.

So, in short: it's not a significant security issue in itself (the only 
way of exploiting it has now been closed), but it does show that we should 
all be careful where we get our programs from...


James.
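
An added illustration, not part of James's message: the ports-style check he mentions only protects you when the digest list comes from a source separate from the download server. This Python sketch assumes BSD-style digest lines (`ALGO (file) = hex`) for that list; the file name and tarball bytes are constructed, and the sample entry uses SHA256.

```python
import hashlib
import hmac
import re

# BSD-style digest line, e.g. "SHA256 (example-1.0.tar.gz) = 9f86d0..."
DIGEST_LINE = re.compile(
    r"^(?P<algo>MD5|SHA256) \((?P<name>[^)]+)\) = (?P<hex>[0-9a-f]+)$"
)

def parse_distinfo(text):
    """Return {filename: {algo: hexdigest}} from BSD-style digest lines."""
    known = {}
    for line in text.splitlines():
        m = DIGEST_LINE.match(line.strip())
        if m:
            known.setdefault(m["name"], {})[m["algo"].lower()] = m["hex"]
    return known

def verify_distfile(name, data, distinfo_text):
    """True only if `name` is listed and every listed digest matches `data`."""
    expected = parse_distinfo(distinfo_text).get(name)
    if not expected:
        return False  # fail closed: a file the database does not list is not trusted
    return all(
        hmac.compare_digest(hashlib.new(algo, data).hexdigest(), want)
        for algo, want in expected.items()
    )

# Constructed sample data: stand-ins for a release tarball and a modified copy.
GOOD = b"constructed sample: original release tarball bytes"
TAMPERED = GOOD + b" plus an extra build step"
# Digest database kept by the packager and fetched separately from the mirror.
DISTINFO = "SHA256 (example-1.0.tar.gz) = " + hashlib.sha256(GOOD).hexdigest() + "\n"

if __name__ == "__main__":
    for label, blob in (("original", GOOD), ("modified", TAMPERED)):
        ok = verify_distfile("example-1.0.tar.gz", blob, DISTINFO)
        print(f"{label}: {'digest matches' if ok else 'MISMATCH, do not build'}")
```

A checksum file served from the same directory as the tarball gives no such protection, since whoever replaced one could replace the other.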



