Trojan horse found in OpenSSH software
The OpenBSD project warned yesterday that several versions of OpenSSH, its free network connectivity software, contain a Trojan...
The importance of web security
Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
The SSH protocol is widely used for secure remote terminal connections and file transfers between a client and a server running Unix and its derivatives.
The Trojan horse was discovered in OpenSSH versions 3.2.2p1, 3.4p1 and 3.4. The compromised software was first made available on an official download server on 30 July or 31 July, and from there was likely to have been copied to other download sites.
Trojan horse programs install backdoor programs that let attackers gain access to a computer. In this case the malicious code is run when the OpenSSH software is compiled by the user, the advisory warned. It allows arbitrary commands to be executed with the privileges of the compiling user.
Anyone who installed OpenSSH or offered it for download since 30 July should verify the authenticity of the software. The compromised OpenSSH versions can be identified by their incorrect MD5 checksums and PGP signatures.
More information on the Trojan horse and how to detect it can be found in the OpenSSH advisory www.openssh.com/txt/trojan.adv and an advisory sent out by the Computer Emergence Response Team (CERT) ( www.cert.org/advisories/CA-2002-24.html).
Start the conversation
0 comments