Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"

To: debian-security@lists.debian.org
Subject: Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"
From: Bart-Jan Vrielink <bartjan@vrielink.net>
Date: 14 Nov 2002 11:37:37 +0100
Message-id: <[🔎] 1037270257.1260.53.camel@trillian>
In-reply-to: <[🔎] 20021113191558.GB1848@lupe-christoph.de>
References: <[🔎] 20021113191558.GB1848@lupe-christoph.de>

On Wed, 2002-11-13 at 20:15, Lupe Christoph wrote:

> Please read
> http://www.hlug.org/modules.php?op=modload&name=News&file=article&sid=6&mode=thread&order=0&thold=0
> 
> Is Debian affected?

If I read this (and the CERT advisory) correctly, the trojan only
triggers at compile time, so I don't think normal Debian users are
affected, only perhaps the maintainer himself.

>From CA-2002-30 (CERT):

II. Impact

An intruder operating from (or able to impersonate) the remote address
specified in the malicious code could gain unauthorized remote access to
any host that compiled a version of tcpdump with this Trojan horse. The
privilege level under which this malicious code would be executed would
be that of the user who compiled the source code.

"... any host that compiled ..." means to me that the Debian packages
shouldn't be affected.

-- 
Tot ziens,
Bart-Jan Vrielink

Reply to:

Follow-Ups:
- Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"
  - From: Steve Suehring <suehring@braingia.org>

References:
- "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"
  - From: lupe@lupe-christoph.de (Lupe Christoph)

Prev by Date: Re: unsubscribe
Next by Date: VPN question
Previous by thread: Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"
Next by thread: Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"
Index(es):
- Date
- Thread