Bugtraq mailing list archives
Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror
From: "Patrick J. Volkerding" <security () slackware com>
Date: Sat, 20 Sep 2003 17:22:16 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 20 Sep 2003, Piermark wrote:
Hi, I have update my Slackware 9.0 with openssh-3.7.1p1-i386-1.tgz from http://www.slackware.at/data/slackware-9.0/patches/packages/openssh-3.7.1p1-i386-1.tgz Now i have 3 new tcp/ip ports into my system: (thank Nmap) :-) - 867 Open - 879 Open - 889 Open Example: telnet> open (to) 127.0.0.1 867 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'.
I've verified the GPG signature for the package on ftp.slackware.at, and it has not been tampered with. The GPG signature of the openssh-3.7.1p1.tar.gz has also been tested, and is signed with the correct signature of the OpenSSH developer who signs such things. Additionally, I've tested installing the package and found no unexpected ports were opened. Conclusion: This report is false.
These ports are choice random from a range of 300 - 1200 !! and the size of the tgz is various for every mirror: 628642 Sep 20 17:58 openssh-3.7.1p1-i386-1.tgz (from www.slackware.at) 628481 Sep 20 21:01 openssh-3.7p1-i386-1.tgz (from www.slackware.com)
Note that these are completely different package versions. Regards, Pat -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/bO89akRjwEAQIjMRAt6BAJ9S6WcnjbhfbgcWsfdutcclqxb+LQCfXPMH L2qPHNBG4TWphoODKN9XBxE= =n0SI -----END PGP SIGNATURE-----
Current thread:
- <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror Piermark (Sep 20)
- Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror Martin Östlund (Sep 20)
- Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror Robert Jaroszuk (Sep 20)
- Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror Patrick J. Volkerding (Sep 20)