Re: /usr/bin/ssh-copy-id & trojan or variant UNIX/Exploit-SSHIDEN
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 15 Jan 2004 20:50:11 +0100,
 Asim Saglam <yoda2@yoda2.xs4all.nl> wrote:
> Dear all,
>
> Can anybody explain the following?
>
> My virus scanner reported the following after the scan tonight:
>
> /usr/bin/ssh-copy-id
>            Found trojan or variant UNIX/Exploit-SSHIDEN !!!
>             Please send a copy of the file to Network Associates
>             The file has been renamed.
<snip>
> Furthermore ls -al gives:
> -rwxr-xr-x    1 root     root         1115 Sep 19 10:07 /usr/bin/ssh-copy-id
>
> Output of uname -a:
> Linux <snip> 2.4.23 #1 Sun Dec 28 12:46:20 CET 2003 i686 unknown
               ^^^^^^^^^^^^^^^^^^^^
<http://kerneltrap.org/node/view/1958>
Might want to consider upgrading to 2.4.24 or a patched 2.4.23, for the
mremap() local root exploit. 
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAB5Ved90bcYOAWPYRAhMmAKDiUCtSQzw70oHrlnmgTvfM2QBSigCdEfhh
7OI3mZiHCJU/d2x2Ea9243g=
=WpXR
-----END PGP SIGNATURE-----
-- 
Jim Richardson     http://www.eskimo.com/~warlock
Life is complex: it has a real part and an imaginary part.