[FUGSPBR] Re: OpenSSH Security Advisory: Trojaned Distribution Files (fwd)
Eduardo Augusto Alvarenga
eduardo-fugspbr.1acd40 em thrx.dyndns.org
Qui Ago 1 13:11:15 BRT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Para quem assina {announce,misc}@openbsd.org.
Atenciosamente,
- --
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Eduardo A. Alvarenga - Analista de Suporte #179653
Secretaria de Segurança Pública do Estado do Pará
Belém - Pará - (91) 223-4996 / 272-1611
eduardo@{thrx.dyndns.org,segup.pa.gov.br}
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
OpenBSD Consultant: www.openbsd.org/support.html
- ---------- Forwarded message ----------
Date: Thu, 1 Aug 2002 17:50:38 +0200
From: Martin Reindl <mreindl em catai.org>
To: "misc em openbsd.org" <misc em openbsd.org>
Subject: Re: OpenSSH Security Advisory: Trojaned Distribution Files
> > OpenSSH Security Advisory (adv.trojan)
> >
> > 1. Systems affected:
> >
> > OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the
> > OpenBSD ftp server and potentially propagated via the
> normal mirroring
> > process to other ftp servers. The code was inserted some
> time between
> > the 30th and 31th of July. We replaced the trojaned files
> with their
> > originals at 7AM MDT, August 1st.
>
> How did this happened? Solaris knockdown?
Think so ...
The server bf-test.c is refering to (203.62.158.32:6667) was running
FreeBSD Apache 1.3.24 with the well known bug from April 11th till
August 1st (according to netcraft.com).
Maybe somebody knows how the trojan got on ftp.openbsd.org.
The idiots out there already start blaming OpenSSH and OpenBSD for this.
Btw, Response time restoring the original files seems really fast, i
couldn't find any modified openssh-3.4p1.tar.gz today.
Martin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9SV2opKK2uJoGDlMRAmpDAJ9QVMNHwL16DMqCWD4ggHNEOJpwXwCfQttw
WPxvkZKQ92Goluh804FIzNA=
=1I1N
-----END PGP SIGNATURE-----
________________________________________________
Para sair da lista visite o URL abaixo:
http://www2.fugspbr.org/mailman/listinfo/fugspbr
Mais detalhes sobre a lista de discussão freebsd