Re: (fwd) OpenSSH trojan!

To: Halil Demirezen <halild@bilmuh.ege.edu.tr>
Cc: Vincent Hanquez <tab@crans.org>, debian-security@lists.debian.org
Subject: Re: (fwd) OpenSSH trojan!
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Fri, 02 Aug 2002 16:16:06 +0200
Message-id: <[🔎] 878z3pcpnd.fsf@CERT.Uni-Stuttgart.DE>
In-reply-to: <[🔎] Pine.LNX.4.21.0208021707430.26167-100000@bilmuh> (Halil Demirezen's message of "Fri, 2 Aug 2002 17:10:11 +0300 (EEST)")
References: <[🔎] Pine.LNX.4.21.0208021707430.26167-100000@bilmuh>

Halil Demirezen <halild@bilmuh.ege.edu.tr> writes:

> and we installed the ssh from the deb packages using
> apt-get install utility.
>
> I wonder if there is any risk on this stable version of OpenSSH
> (Debian) undependent from openbsd's source tarball?

There isn't an easy way to determine whether a Debian package is
authentic or not.  I'm not even sure what "authentic" means in this
context.

The package you are referring to is probably not affected by the
OpenBSD incident, but you cannot be sure that it hasn't been
manipulated by some other means.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

Reply to:

Follow-Ups:
- Re: (fwd) OpenSSH trojan!
  - From: Jussi Ekholm <ekhowl@goa-head.org>

References:
- Re: (fwd) OpenSSH trojan!
  - From: Halil Demirezen <halild@bilmuh.ege.edu.tr>

Prev by Date: Re: (fwd) OpenSSH trojan!
Next by Date: Re: (fwd) OpenSSH trojan!
Previous by thread: Re: (fwd) OpenSSH trojan!
Next by thread: Re: (fwd) OpenSSH trojan!
Index(es):
- Date
- Thread