Should debian users be worried if they only install the pre built .deb package or should we evaluate the source and install the ssh from source?
I guess the next question is Do I Have it? Sincerely, Daniel J. Rychlik " Money does not make the world go round , Gravity does ." -----Original Message----- From: Jamie Penner [mailto:[EMAIL PROTECTED] Sent: Thursday, August 01, 2002 8:50 AM To: debian-security@lists.debian.org; Dale Amon Subject: Re: (fwd) OpenSSH trojan! "bf-test.c[1] is nothing more than a wrapper which generates a shell-script[2] which compiles itself and tries to connect to an server running on 203.62.158.32:6667 (web.snsonline.net)." At 06:39 AM 8/1/02, you wrote: >On Thu, Aug 01, 2002 at 03:06:07PM +0200, Sebastien Chaumat wrote: > > I guess in the future (see the apt-src and co threads on devel) more > > and more people will auto-build packages localy. This will become a > > serious issue then. > >Ah, so it was in the source dist then. I presume someone has been >discussing the details of the unfriendly bit of C then? What >exactly did it do? A hardcoded backdoor password or was it >fancier? --------------------------------- Jamie Penner Nisa Internet Technologies Inc. Nanaimo, BC Canada EMail: [EMAIL PROTECTED] URL: http://www.nisa.com Phone: 250-751-1111 Fax: 250-758-3511 --------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
