[Techtalk] Fwd: OpenSSH trojan?

James jas at spamcop.net
Sat Aug 3 09:29:40 EST 2002

On Fri, 2 Aug 2002, Conor Daly wrote:

> Saw this on the ssh mailing list.  Something to watch out for?

It's something to be aware of, especially in other packages. Fortunately, 
all this specific Trojan did is give a root shell to a specific machine 
the perpetrator was using: that machine has now been reinstalled 
(securely!), so nobody can actually USE this Trojan maliciously now.

Apparently this has happened twice before, in similar circumstances (but 
to different servers) - although anyone installing from the FreeBSD 
"ports" tree is safe (it checks MD5 fingerprints against FreeBSD's own 
database, which wasn't compromised) - likewise Gentoo's "portage", 

So, in short: it's not a significant security issue in itself (the only 
way of exploiting it has now been closed), but it does show that we should 
all be careful where we get our programs from...


More information about the Techtalk mailing list