Trojan horse found in OpenSSH software

The OpenBSD project warned yesterday that several versions of OpenSSH, its free network connectivity software, contain a Trojan...

Published: 06 Aug 2002 1:00

The OpenBSD project warned yesterday that several versions of OpenSSH, its free network connectivity software, contain a Trojan horse that can allow an attacker to take over a system.

The SSH protocol is widely used for secure remote terminal connections and file transfers between a client and a server running Unix and its derivatives.

The Trojan horse was discovered in OpenSSH versions 3.2.2p1, 3.4p1 and 3.4. The compromised software was first made available on an official download server on 30 July or 31 July, and from there was likely to have been copied to other download sites.

Trojan horse programs install backdoor programs that let attackers gain access to a computer. In this case the malicious code is run when the OpenSSH software is compiled by the user, the advisory warned. It allows arbitrary commands to be executed with the privileges of the compiling user.

Anyone who installed OpenSSH or offered it for download since 30 July should verify the authenticity of the software. The compromised OpenSSH versions can be identified by their incorrect MD5 checksums and PGP signatures.

More information on the Trojan horse and how to detect it can be found in the OpenSSH advisory www.openssh.com/txt/trojan.adv and an advisory sent out by the Computer Emergence Response Team (CERT) ( www.cert.org/advisories/CA-2002-24.html).

Read more on Antivirus, firewall and IDS products

Critical Kubernetes vulnerability could have widespread effects News roundup: A critical Kubernetes vulnerability was found in the system's API server and could have a wide reach. Plus, ESET found 21 new Linux malware families, and more.

Audio codec flaw imperils multiple applications Multiple vendors are affected by a serious Free-Lossless Audio Codec (FLAC) flaw attackers could exploit to hijack targeted systems, US-CERT and eEye Digital Security warned.

Twin Trojans use PowerPoint to spread Researchers aren't yet sure if troublesome new Trojan horse programs are exploiting a new PowerPoint flaw or the vulnerabilities Microsoft patched Aug. 8.

Trojan targets Microsoft PowerPoint flaw Update: The exploit might be tied to an older flaw in Excel. Attackers who exploit the serious flaw could launch arbitrary code. Microsoft says it is investigating.

Security Bytes: Phishing scheme targets American Express customers Meanwhile: Personal data on 66,000 newspaper subscribers is leaked online, and a Trojan horse hijacks data and demands ransom.

SearchCIO

Trojan horse found in OpenSSH software

The OpenBSD project warned yesterday that several versions of OpenSSH, its free network connectivity software, contain a Trojan...

Read more on Antivirus, firewall and IDS products

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

Shell, Halliburton, Unibap AB execs share real-world AI strategies

SearchSecurity

City of Pensacola hit by ransomware attack

Ryuk ransomware change breaks decryption tool

Use a data privacy framework to keep your information secure

SearchNetworking

Test your knowledge of SD-WAN deployments and testing

4 SD-WAN vendors integrate with AWS Transit Gateway

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

SearchDataCenter

Comparing Linux distributions: Red Hat vs. Ubuntu

Get eco-friendly with LEED data center certification

Top 4 open source automation tools for admins

SearchDataManagement

Data warehouse technologies evolve as vendors look skyward

How to streamline feature engineering for machine learning

Top database cloud migration considerations for enterprises

Read more on Antivirus, firewall and IDS products

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.