Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror
From: "Patrick J. Volkerding" <security () slackware com>
Date: Sat, 20 Sep 2003 17:22:16 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Sat, 20 Sep 2003, Piermark wrote:
Hi,

I have update my Slackware 9.0 with openssh-3.7.1p1-i386-1.tgz  from
http://www.slackware.at/data/slackware-9.0/patches/packages/openssh-3.7.1p1-i386-1.tgz

Now i have 3 new  tcp/ip ports into my system: (thank Nmap) :-)

- 867 Open
- 879 Open
- 889 Open

Example:

telnet> open
(to) 127.0.0.1 867
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

I've verified the GPG signature for the package on ftp.slackware.at, and
it has not been tampered with.  The GPG signature of the
openssh-3.7.1p1.tar.gz has also been tested, and is signed with the
correct signature of the OpenSSH developer who signs such things.
Additionally, I've tested installing the package and found no unexpected
ports were opened.

Conclusion:  This report is false.

These ports are choice random from a range of 300 - 1200 !! and the size
of the tgz is various for every mirror:

628642 Sep 20 17:58 openssh-3.7.1p1-i386-1.tgz (from www.slackware.at)
628481 Sep 20 21:01 openssh-3.7p1-i386-1.tgz   (from www.slackware.com)

Note that these are completely different package versions.

Regards,

Pat
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/bO89akRjwEAQIjMRAt6BAJ9S6WcnjbhfbgcWsfdutcclqxb+LQCfXPMH
L2qPHNBG4TWphoODKN9XBxE=
=n0SI
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault