
Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"



Steve Suehring <suehring@braingia.org> writes:

> You are correct insofar as it triggers at compile time for libpcap, the
> configure script to be exact. I grabbed a copy of the trojan'ed libpcap
> and compiled it in a sandbox machine. You can do a strings of the
> compiled libpcap.a and grep for 1963. Doing so yields these results:
>
> debian:~/libpcap-0.7.1# strings libpcap.a | grep 1963
> 1963
> not port 1963
>
> I _didn't_ have the same result when running the command against woody's
> libpcap library files on my boxen. Obviously, I'm not saying that you
> will have the same result or that this is the only method to find the
> problem, etc. It worked for me though.
[snip]

OK, this is another helpful check, thanks. I checked my boxes for one or
two strings (`mash', `mars' and a switch statement in one of the reports
linked off slashdot) yesterday in both the libraries and the
debian/Unstable sources, also not finding any positive matches.

HTreassures,

~Tim
-- 
<http://spodzone.org.uk/>
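
The `strings libpcap.a | grep 1963` check quoted above, as an added example that is not part of either message. It extracts printable strings from a library file and reports the two strings shown in the quoted output. The function names, the verdict labels and the sample bytes are constructed for illustration, and treating a bare `1963` as a weaker match than the full `not port 1963` expression is an assumption of this example.

```python
import re
import sys

# Strings the thread reports from `strings libpcap.a | grep 1963`.
INDICATORS = (b"not port 1963", b"1963")
# Roughly what strings(1) does by default: runs of 4+ printable ASCII bytes.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def printable_strings(data):
    """Return the printable ASCII runs found in a binary blob."""
    return PRINTABLE_RUN.findall(data)


def scan_blob(data):
    """Return sorted (indicator, containing string) pairs for every match."""
    hits = set()
    for run in printable_strings(data):
        for indicator in INDICATORS:
            if indicator in run:
                hits.add((indicator.decode(), run.decode()))
    return sorted(hits)


def verdict(hits):
    """'filter' when the full filter expression is present, 'number' when only
    1963 shows up somewhere (assumed weaker, inspect by hand), else 'clean'."""
    found = {indicator for indicator, _ in hits}
    if "not port 1963" in found:
        return "filter"
    return "number" if found else "clean"


# Constructed sample blobs, not taken from any real libpcap build.
SAMPLE_MATCH = b"\x00\x01pcap_open_live\x00\x7f1963\x00\x02not port 1963\x00\xff"
SAMPLE_CLEAN = b"\x00\x01pcap_open_live\x00\x02pcap_compile\x00\xff"

if __name__ == "__main__":
    # Usage: python scan.py /path/to/libpcap.a [more files...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = scan_blob(fh.read())
        print(path, verdict(hits), hits)
```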


