Re: ssh trojaned

From: Eirik Seim (defaultat_private)
Date: Thu Aug 01 2002 - 13:41:39 PDT

    On Thu, 1 Aug 2002, Steve Wright wrote:
    
    > Hello,
    > 
    > I'm no programmer so I'm hoping someone can confirm this for me..
    > I am correct in thinking the trojan currently in OpenSSH portable 3.4p1 only
    > runs during compilation ?
    
    From Christian Bahls' post on bugtraq, this trojan simply creates a file
    called conftest.c, and tries repeatedly to compile and run it naming the
    binary after $USER's shell, during compilation of OpenSSH.  That's all.
    
    > ie a copy of ssh compiled using this source will not have anything nasty
    > built into it ?
    
    In plain English: No.  Not from _this_ particular trojan.  You should 
    consider your system compromised as it could have been wide open while
    compiling, but before you panic, remember that this trojan was (according 
    to Niels Provos in a recent post to bugtraq) inserted between 30. and 31. 
    of July, and removed at 7AM MDT August 1st.  
    
    If you didn't touch your OpenSSH install before 30. of July, and stay away 
    from the mirrors until they're clean, you should be safe. 
    
    Oh, and the guys that inserted the trojan might easily have had access to more
    on the same ftp site, and subsequently also its mirrors.  If you don't
    usually verify checksums, now is a great time to start doing so.
    
    
    - Eirik
    -- 
    New and exciting signature!
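
An added example, not part of the original post or of OpenSSH's own tooling: because the trojan described above ran at build time, the digest check has to happen before the tarball is unpacked or `./configure` is run. It uses SHA-256 and assumes the expected digest was obtained from somewhere other than the server the tarball came from; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: gate the build on a digest check. Nothing is unpacked,
# configured or compiled unless the tarball matches the expected SHA-256.

# sha256_of FILE -> prints the lowercase hex digest (sha256sum or shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_then_unpack TARBALL EXPECTED_SHA256 DESTDIR
# 0 = digest matched and archive extracted, 1 = mismatch (nothing extracted),
# 2 = bad arguments or tool failure (nothing extracted).
verify_then_unpack() {
    tarball=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    dest=$3

    [ -f "$tarball" ] || { echo "missing: $tarball" >&2; return 2; }
    # Reject anything that is not exactly 64 hex digits.
    case $expected in
        *[!0-9a-f]*|'') echo "bad digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad digest length" >&2; return 2; }

    actual=$(sha256_of "$tarball") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "DIGEST MISMATCH for $tarball" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi

    # Only reached on a match: create the destination and extract.
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest"
}

# Usage: sh verify.sh <tarball> <expected-sha256> <destdir>
if [ "$#" -eq 3 ]; then
    verify_then_unpack "$1" "$2" "$3"
fi
```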
    



    This archive was generated by hypermail 2b30 : Fri Aug 02 2002 - 00:53:58 PDT