OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
| openssh-backdoor (9763) |  High Risk |
Description:
OpenSSH, if downloaded from the OpenBSD FTP site or OpenBSD FTP mirrored sites on 30-July-2002 and 31-July-2002, could cause a backdoor to be installed on victim's computers. The OpenBSD FTP site was compromised on or before 30-July-2002 and the bf-test.c file was replaced with a Trojan Horse. This could allow a remote attacker to gain access to systems that have installed the compromised source code and execute commands on the system with privileges of the user who installed the compromised version.
Consequences:
Gain Access
Remedy:
Users should verify that they have not installed a compromised version of OpenSSH. Refer to OpenSSH Security Advisory (adv.trojan) for more information. See References.
References:
- CERT Advisory CA-2002-24 : Trojan Horse OpenSSH Distribution.
- OpenSSH Security Advisory (adv.trojan): trojan.adv.
- BID-5374: OpenSSH Trojan Horse Vulnerability
Platforms Affected:
- OpenBSD OpenSSH 3.2.2p1
- OpenBSD OpenSSH 3.4
- OpenBSD OpenSSH 3.4p1
Reported:
Aug 01, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net