Trojan horse found in OpenSSH software

The OpenBSD project warned yesterday that several versions of OpenSSH, its free network connectivity software, contain a Trojan...

The OpenBSD project warned yesterday that several versions of OpenSSH, its free network connectivity software, contain a Trojan horse that can allow an attacker to take over a system.

The SSH protocol is widely used for secure remote terminal connections and file transfers between a client and a server running Unix and its derivatives.

The Trojan horse was discovered in OpenSSH versions 3.2.2p1, 3.4p1 and 3.4. The compromised software was first made available on an official download server on 30 July or 31 July, and from there was likely to have been copied to other download sites.

Trojan horse programs install backdoor programs that let attackers gain access to a computer. In this case the malicious code is run when the OpenSSH software is compiled by the user, the advisory warned. It allows arbitrary commands to be executed with the privileges of the compiling user.

Anyone who installed OpenSSH or offered it for download since 30 July should verify the authenticity of the software. The compromised OpenSSH versions can be identified by their incorrect MD5 checksums and PGP signatures.

More information on the Trojan horse and how to detect it can be found in the OpenSSH advisory www.openssh.com/txt/trojan.adv and an advisory sent out by the Computer Emergence Response Team (CERT) ( www.cert.org/advisories/CA-2002-24.html).

Read more on Antivirus, firewall and IDS products

All
News
In Depth
Opinion
Photo Stories
Videos

Latest News

Download Computer Weekly

In The Current Issue:
- Manchester’s evolution from rag trade to e-commerce riches
- Trusted nodes: The next generation in quantum key distribution
- CTO interview: Proving new technology at Bloomberg
Download Current Issue

Latest Blog Posts

What is a software ‘connector’? – Open Source Insider
Shock Headline: IT Saves $$$$ (again)! – Networks Generation
View All Blogs

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

BPMS architecture modernizes legacy tech, makes IT more strategic

The technology of the past put humans on the moon, but it's bringing businesses to a breaking point. Here's why CIOs should ...
AI in ITSM equals 'service intelligence' -- ITSM's next frontier

AI in ITSM, or 'service intelligence,' is the next logical step in IT's mastery of professional service delivery. ITSM expert ...
Lottery.com eyeing blockchain for charity games to boost transparency

Online mobile lottery service Lottery.com wants to use blockchain as a service to bolster a new business initiative: expanding ...

SearchSecurity

Mozilla distrusts all Symantec certificates with Firefox 64 release

News roundup: Mozilla finally removes trust for Symantec certificates with Firefox 64. Plus, Supermicro's investigation ...
Initial RSA Conference 2019 keynote lineup released

RSA Conference 2019's diversity and inclusion initiative appears to be paying off, as the initial keynote speaker lineup has ...
Project Zero finds Logitech Options app critically flawed

Tavis Ormandy of Google's Project Zero discovered a serious authentication vulnerability in Logitech's Options application, but ...

SearchNetworking

Cumulus Linux, NetQ available for Lenovo RackSwitch

The combination of Lenovo RackSwitch models with Cumulus Linux and NetQ monitoring software is aimed at companies that prefer ...
Providers widen telecom cloud services for the enterprise

Some traditional service providers are reinventing telecom cloud services enabled by new networking partnerships and technologies...
Arista EOS containers integrated with Red Hat, Tigera products

Arista EOS containers have been integrated with Red Hat OpenShift and Tigera security software.

SearchDataCenter

Security, staffing land atop IT's edge computing challenges

Edge computing is a new way for data center admins to process data closer to the source, but it comes with challenges around ...
Edge computing architecture helps IT support augmented reality

Augmented reality benefits greatly from reduced latency, which makes edge computing a perfect partner in the data center.
Streamline data center power usage tracking with DCIM

If you want a more in-depth picture of your data center's power consumption, explore DCIM options that provide server workload ...

SearchDataManagement

Data companies vie to fill spots in AWS cloud data lineup

Third-party players looking to join Amazon Web Services' cloud data lineup tout hedges against cloud lock-in. The vendors must ...
FaunaDB distributed cloud database hunts transactional NoSQL

Startup Fauna has built a "relational NoSQL" database for distributed transaction processing. Data consistency and speedy builds ...
HR makes major strides toward improving employee engagement

Close