Re: /usr/bin/ssh-copy-id & trojan or variant UNIX/Exploit-SSHIDEN
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 15 Jan 2004 20:50:11 +0100,
Asim Saglam <yoda2@yoda2.xs4all.nl> wrote:
> Dear all,
>
> Can anybody explain the following?
>
> My virus scanner reported the following after the scan tonight:
>
> /usr/bin/ssh-copy-id
> Found trojan or variant UNIX/Exploit-SSHIDEN !!!
> Please send a copy of the file to Network Associates
> The file has been renamed.
<snip>
> Furthermore ls -al gives:
> -rwxr-xr-x 1 root root 1115 Sep 19 10:07 /usr/bin/ssh-copy-id
>
> Output of uname -a:
> Linux <snip> 2.4.23 #1 Sun Dec 28 12:46:20 CET 2003 i686 unknown
^^^^^^^^^^^^^^^^^^^^
<http://kerneltrap.org/node/view/1958>
Might want to consider upgrading to 2.4.24 or a patched 2.4.23, for the
mremap() local root exploit.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAB5Ved90bcYOAWPYRAhMmAKDiUCtSQzw70oHrlnmgTvfM2QBSigCdEfhh
7OI3mZiHCJU/d2x2Ea9243g=
=WpXR
-----END PGP SIGNATURE-----
--
Jim Richardson http://www.eskimo.com/~warlock
Life is complex: it has a real part and an imaginary part.
Reply to: