[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: (fwd) OpenSSH trojan!

Should debian users be worried if they only install the pre built .deb
package or should we evaluate the source and install the ssh from

I guess the next question is Do I Have it?


Daniel J. Rychlik
" Money does not make the world go round , Gravity does ."

-----Original Message-----
From: Jamie Penner [mailto:jpenner@nisa.net] 
Sent: Thursday, August 01, 2002 8:50 AM
To: debian-security@lists.debian.org; Dale Amon
Subject: Re: (fwd) OpenSSH trojan!

"bf-test.c[1] is nothing more than a wrapper which generates a
shell-script[2] which compiles itself and tries to connect to an
server running on (web.snsonline.net)."

At 06:39 AM 8/1/02, you wrote:
>On Thu, Aug 01, 2002 at 03:06:07PM +0200, Sebastien Chaumat wrote:
> >  I guess in the future (see the apt-src and co threads on devel)
> > and more people will auto-build packages localy. This will become a
> > serious issue then.
>Ah, so it was in the source dist then. I presume someone has been
>discussing the details of the unfriendly bit of C then? What
>exactly did it do? A hardcoded backdoor password or was it

Jamie Penner
Nisa Internet Technologies Inc.
Nanaimo, BC  Canada
EMail: jpenner@nisa.net
URL: http://www.nisa.com
Phone: 250-751-1111
Fax: 250-758-3511

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Reply to: