mailing list archives
Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror
From: "Patrick J. Volkerding" <security () slackware com>
Date: Sat, 20 Sep 2003 17:22:16 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 20 Sep 2003, Piermark wrote:
I have update my Slackware 9.0 with openssh-3.7.1p1-i386-1.tgz from
Now i have 3 new tcp/ip ports into my system: (thank Nmap) :-)
- 867 Open
- 879 Open
- 889 Open
(to) 127.0.0.1 867
Connected to 127.0.0.1.
Escape character is '^]'.
I've verified the GPG signature for the package on ftp.slackware.at, and
it has not been tampered with. The GPG signature of the
openssh-3.7.1p1.tar.gz has also been tested, and is signed with the
correct signature of the OpenSSH developer who signs such things.
Additionally, I've tested installing the package and found no unexpected
ports were opened.
Conclusion: This report is false.
These ports are choice random from a range of 300 - 1200 !! and the size
of the tgz is various for every mirror:
628642 Sep 20 17:58 openssh-3.7.1p1-i386-1.tgz (from www.slackware.at)
628481 Sep 20 21:01 openssh-3.7p1-i386-1.tgz (from www.slackware.com)
Note that these are completely different package versions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
-----END PGP SIGNATURE-----