RE: (fwd) OpenSSH trojan!
Should debian users be worried if they only install the pre built .deb
package or should we evaluate the source and install the ssh from
source?
I guess the next question is Do I Have it?
Sincerely,
Daniel J. Rychlik
" Money does not make the world go round , Gravity does ."
-----Original Message-----
From: Jamie Penner [mailto:jpenner@nisa.net]
Sent: Thursday, August 01, 2002 8:50 AM
To: debian-security@lists.debian.org; Dale Amon
Subject: Re: (fwd) OpenSSH trojan!
"bf-test.c[1] is nothing more than a wrapper which generates a
shell-script[2] which compiles itself and tries to connect to an
server running on 203.62.158.32:6667 (web.snsonline.net)."
At 06:39 AM 8/1/02, you wrote:
>On Thu, Aug 01, 2002 at 03:06:07PM +0200, Sebastien Chaumat wrote:
> > I guess in the future (see the apt-src and co threads on devel)
more
> > and more people will auto-build packages localy. This will become a
> > serious issue then.
>
>Ah, so it was in the source dist then. I presume someone has been
>discussing the details of the unfriendly bit of C then? What
>exactly did it do? A hardcoded backdoor password or was it
>fancier?
---------------------------------
Jamie Penner
Nisa Internet Technologies Inc.
Nanaimo, BC Canada
EMail: jpenner@nisa.net
URL: http://www.nisa.com
Phone: 250-751-1111
Fax: 250-758-3511
---------------------------------
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: