> ---------- Forwarded message ----------
>
> Date: Thu, 1 Aug 2002 11:19:49 -0400
> From: Niels Provos <provos en citi umich edu>
> To: security-announce en openbsd org, misc en openbsd org, announce en openbsd org
> Subject: OpenSSH Security Advisory: Trojaned Distribution Files
> User-Agent: Mutt/1.3.27i
>
> OpenSSH Security Advisory (adv.trojan)
>
> 1. Systems affected:
>
> OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the
> OpenBSD ftp server and potentially propagated via the normal mirroring
> process to other ftp servers. The code was inserted some time between
> the 30th and 31st of July. We replaced the trojaned files with their
> originals at 7AM MDT, August 1st.
>
> 2. Impact:
>
> Anyone who has installed OpenSSH from the OpenBSD ftp server or any
> mirror within that time frame should consider his system compromised.
> The trojan allows the attacker to gain control of the system as the
> user compiling the binary. Arbitrary commands can be executed.
>
> 3. Solution:
>
> Verify that you did not build a trojaned version of the sources. The
> portable SSH tar balls contain PGP signatures that should be verified
> before installation. You can also use the following MD5 checksums for
> verification.
>
> MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
> MD5 (openssh-3.4p1.tar.gz.sig) = d5a956263287e7fd261528bb1962f24c
> MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
> MD5 (openssh-3.2.2p1.tar.gz) = 9d3e1e31e8d6cdbfa3036cb183aa4a01
> MD5 (openssh-3.2.2p1.tar.gz.sig) = be4f9ed8da1735efd770dc8fa2bb808a
>
> 4. Details
>
> When building the OpenSSH binaries, the trojan resides in bf-test.c
> and causes code to execute which connects to a specified IP address.
> The destination port is normally used by the IRC protocol. A
> connection attempt is made once an hour. If the connection is
> successful, arbitrary commands may be executed.
>
> Three commands are understood by the backdoor:
>
> Command A: Kill the exploit.
> Command D: Execute a command.
> Command M: Go to sleep.
>
> 5. Notice:
>
> Because of the urgency of this issue, the advisory may not be
> complete. Updates will be posted to the OpenSSH web pages if
> necessary.
>
>
>
> ----- End forwarded message -----
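
The checksum comparison from section 3 of the advisory can be scripted. The following is an added example, not part of the advisory or of the OpenSSH project; the function names are hypothetical, and the parser goes slightly beyond the advisory by accepting any `ALGO (file) = hex` line whose algorithm name Python's `hashlib` knows (for example SHA256), not only MD5.

```python
import hashlib
import re
import sys
from pathlib import Path

# Checksum lines copied from section 3 of the advisory (BSD "ALGO (file) = hex").
ADVISORY_SUMS = """\
MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
MD5 (openssh-3.4p1.tar.gz.sig) = d5a956263287e7fd261528bb1962f24c
MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
MD5 (openssh-3.2.2p1.tar.gz) = 9d3e1e31e8d6cdbfa3036cb183aa4a01
MD5 (openssh-3.2.2p1.tar.gz.sig) = be4f9ed8da1735efd770dc8fa2bb808a
"""

# Tolerates leading '>' mail-quote markers, as in the forwarded advisory.
LINE_RE = re.compile(r"^\s*(?:>\s*)*([A-Za-z0-9-]+) \((.+)\) = ([0-9a-fA-F]+)\s*$")

def parse_bsd_checksums(text):
    """Return [(algo, filename, hexdigest)]; lines in any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group(1).lower(), m.group(2), m.group(3).lower()))
    return entries

def file_digest(path, algo):
    """Hash a file in 1 MiB chunks; hashlib raises ValueError for unknown algos."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(directory, entries):
    """Map each listed filename to 'OK', 'MISMATCH' or 'MISSING'."""
    results = {}
    for algo, name, expected in entries:
        # Use only the basename so a crafted list cannot point outside directory.
        path = Path(directory) / Path(name).name
        if not path.is_file():
            results[name] = "MISSING"
        else:
            results[name] = "OK" if file_digest(path, algo) == expected else "MISMATCH"
    return results

if __name__ == "__main__":
    directory = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, status in verify(directory, parse_bsd_checksums(ADVISORY_SUMS)).items():
        print(f"{status:8} {name}")
```

Run it with the download directory as the only argument; a `MISMATCH` on any tarball means the file differs from the originals listed in the advisory.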