RE: openssh-3.4p1.tar.gz apparently trojaned

Subject: RE: openssh-3.4p1.tar.gz apparently trojaned
From: James Zuelow (
Date: Thu Aug 01 2002 - 12:21:47 AKDT

Looks like it is even more limited. From the OpenSSH website:

1. Systems affected:

OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the
OpenBSD ftp server and potentially propagated via the normal mirroring
process to other ftp servers. The code was inserted some time between
the 30th and 31th of July. We replaced the trojaned files with their
originals at 7AM MDT, August 1st.

2. Impact:

Anyone who has installed OpenSSH from the OpenBSD ftp server or any
mirror within that time frame should consider his system compromised.
The trojan allows the attacker to gain control of the system as the
user compiling the binary. Arbitrary commands can be executed.


So unless you've built OpenSSH from source in the last couple of days, you
should be OK. Anyone who upgraded to 3.4 back in June when it came out
should be fine. (Of course, I still did a quick grep of my IP traffic



To unsubscribe, send email to <>
with 'unsubscribe' in the message body.

This archive was generated by hypermail 2a23 : Thu Aug 01 2002 - 12:21:57 AKDT