OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
| openssh-backdoor (9763) |  High Risk |
Description:
OpenSSH versions 3.2.2p1, 3.4p1, and 3.4, if downloaded from the OpenBSD FTP site or OpenBSD FTP mirrored sites on 30-July-2002 and 31-July-2002, could cause a backdoor to be installed on victim's computers. The OpenBSD FTP site was compromised on or before 30-July-2002 and the bf-test.c file was replaced with a Trojan Horse. This could allow a remote attacker to gain access to systems that have installed the compromised source code and execute commands on the system with privileges of the user who installed the compromised version.
Platforms Affected:
- OpenBSD, OpenSSH 3.2.2p1
- OpenBSD, OpenSSH 3.4
- OpenBSD, OpenSSH 3.4p1
Remedy:
Users should verify that they have not installed a compromised version of OpenSSH. Refer to OpenSSH Security Advisory (adv.trojan) for more information. See References.
Consequences:
Gain Access
References:
- CERT Advisory CA-2002-24 , Trojan Horse OpenSSH Distribution at http://www.cert.org/advisories/CA-2002-24.html.
- OpenSSH Security Advisory (adv.trojan), trojan.adv at http://www.openssh.com/txt/trojan.adv.
- BID-5374: OpenSSH Trojan Horse Vulnerability
Reported:
Aug 01, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net