Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"

On Wed, 2002-11-13 at 20:15, Lupe Christoph wrote:

> Please read
> http://www.hlug.org/modules.php?op=modload&name=News&file=article&sid=6&mode=thread&order=0&thold=0
> Is Debian affected?

If I read this (and the CERT advisory) correctly, the trojan only
triggers at compile time, so I don't think normal Debian users are
affected, only perhaps the maintainer himself.

From CA-2002-30 (CERT):

II. Impact

An intruder operating from (or able to impersonate) the remote address
specified in the malicious code could gain unauthorized remote access to
any host that compiled a version of tcpdump with this Trojan horse. The
privilege level under which this malicious code would be executed would
be that of the user who compiled the source code.

"... any host that compiled ..." means to me that the Debian packages
shouldn't be affected.

Goodbye,
Bart-Jan Vrielink

