Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19
OpenSSH source trojan
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: OpenSSH source trojan

  1. #1
    Moderator
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001
    Location
    California
    Posts
    3,935

    OpenSSH source trojan

    If you have lately upgraded either source or from some binary, the trojan is in OpenBSD's source.

    Since Debian binaries are updated BEFORE the source got trojaned, at least Debian is not affected taking the fact that you updated OpenSSH via apt-get ( and also some other distros which I dont' remember ). So if you are running OpenSSH, get the update from your distro supplier ASAP.

    Now, OpenBSD has got one remote exploit. http://www.openbsd.org

  2. #2

    Re:OpenSSH source trojan

    The trojan, as far as anyone knows, only works when compiling from source. The binary is unaffected. All it does is contact a port on a computer which according to the guy on /. who claimed he owned it, is now formatted and reinstalled.

    If you want to check your OpenSSH source, here is the MD5 sum of the untrojaned version:

    459c1d0262e939d6432f193c7a4ba8a8

    The trojaned version has the MD5 sum:

    3ac9bc346d736b4a51d676faa2a08a57

  3. #3

    Re:OpenSSH source trojan

    [quote author=Compunuts link=board=5;threadid=4436;start=0#44190 date=1028270783]
    Now, OpenBSD has got one remote exploit. http://www.openbsd.org
    [/quote]

    What kind made me sad is that this could have been prevented. The server that houses the OpenBSD projects binaries/source runs Solaris (if I remember correctly). If only they used OpenBSD or NetBSD ther OpenSSH source probably wouldn't have gotten trojaned at the source at least. :

  4. #4
    Moderator
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001
    Location
    California
    Posts
    3,935

    Re:OpenSSH source trojan

    [quote author=segfault link=board=5;threadid=4436;start=0#44200 date=1028277072]
    The trojan, as far as anyone knows, only works when compiling from source. The binary is unaffected.[/quote]
    Not true.

    The binaries are also infected if you've got the source that is also infected. It's just that the trojan will contact when compiling time to its server lettting it know that the box had been installed. After that, it's a sleeping snake and that's why they called it trojan instead of worm. Unless you have binaries from uninfected source tar balls such as Debian or a few others, you ARE infected. Upgrade your OpenSSH NOW.

  5. #5
    Moderator
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001
    Location
    California
    Posts
    3,935

    Re:OpenSSH source trojan

    [quote author=Ashcrow link=board=5;threadid=4436;start=0#44289 date=1028316824]
    The server that houses the OpenBSD projects binaries/source runs Solaris (if I remember correctly).
    [/quote]
    Man, that's pathetic ...

    At least hosting an OS related site, even for a commercial vendor, I would make sure they are running my own OS rather than others. I mean how stupid is that look if I'm telling people to run my own piece of software but I myself use others?? : . It's like telling how great Linux is and all but Red Hat site is hosted on Windows 2000 advanced server hosted box.

  6. #6

    Re:OpenSSH source trojan

    I have two things to say:
    1. ftp.openbsd.org is a Sunsite, this means that it is run on Solaris. So OpenBSD was not hacked, it was Solaris

    2. It was the portable version of OpenSSH that was trojaned (the one used on Linux, FreeBSD, etc.) The OpenBSD OpenSSH version was not touched and therefore, people using OpenBSD have nothing to worry about.

  7. #7
    Guest

    Re:OpenSSH source trojan

    i have one thing to say:

    1) how stupid can u be if u claim to have the most secure operating system and ur not even using it on your own server?

  8. #8

    Re:OpenSSH source trojan

    [quote author=Ralinx link=board=5;threadid=4436;start=0#44394 date=1028386412]
    i have one thing to say:

    1) how stupid can u be if u claim to have the most secure operating system and ur not even using it on your own server?
    [/quote]

    Need for bandwidth

  9. #9
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re:OpenSSH source trojan

    [quote author=Ralinx link=board=5;threadid=4436;start=0#44394 date=1028386412]
    i have one thing to say:

    1) how stupid can u be if u claim to have the most secure operating system and ur not even using it on your own server?
    [/quote]

    Hosting and mirroring. My bet is that they dont necessarily own the equipment. If that is the case, perhaps they will change that ....

  10. #10
    Guest

    Re:OpenSSH source trojan

    they really should change that.. it just doesn't sound right to say "hey look at our OS.. .it's so secure and so great, oh but we're hosting it on Solaris though"

    don't they have any source of income to get them their own server and bandwith?

Similar Threads

  1. BackDoor-CVT Trojan
    By koala in forum Linux - Software, Applications & Programming
    Replies: 1
    Last Post: 09-18-2007, 12:17 PM
  2. OpenSSH
    By beezlebubsbum in forum Linux - General Topics
    Replies: 7
    Last Post: 11-20-2004, 03:03 AM
  3. Trojan.Linux.JBellz
    By trickster in forum General Chat
    Replies: 2
    Last Post: 01-19-2003, 01:39 AM
  4. OpenSSH 3.3
    By Aaron_Adams in forum Linux - Software, Applications & Programming
    Replies: 9
    Last Post: 06-27-2002, 04:26 AM
  5. openssh for rh 6.2
    By elovkoff in forum Linux - General Topics
    Replies: 4
    Last Post: 06-19-2002, 01:24 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •