Trojan horse found in OpenSSH software

The OpenBSD project warned yesterday that several versions of OpenSSH, its free network connectivity software, contain a Trojan...

Published: 06 Aug 2002 1:00

The OpenBSD project warned yesterday that several versions of OpenSSH, its free network connectivity software, contain a Trojan horse that can allow an attacker to take over a system.

The SSH protocol is widely used for secure remote terminal connections and file transfers between a client and a server running Unix and its derivatives.

The Trojan horse was discovered in OpenSSH versions 3.2.2p1, 3.4p1 and 3.4. The compromised software was first made available on an official download server on 30 July or 31 July, and from there was likely to have been copied to other download sites.

Trojan horse programs install backdoor programs that let attackers gain access to a computer. In this case the malicious code is run when the OpenSSH software is compiled by the user, the advisory warned. It allows arbitrary commands to be executed with the privileges of the compiling user.

Anyone who installed OpenSSH or offered it for download since 30 July should verify the authenticity of the software. The compromised OpenSSH versions can be identified by their incorrect MD5 checksums and PGP signatures.

More information on the Trojan horse and how to detect it can be found in the OpenSSH advisory www.openssh.com/txt/trojan.adv and an advisory sent out by the Computer Emergence Response Team (CERT) ( www.cert.org/advisories/CA-2002-24.html).

Read more on Antivirus, firewall and IDS products

All
News
In Depth
Opinion
Photo Stories
Videos

Latest News

Download Computer Weekly

In The Current Issue:
- The $10bn question: Why is the US government’s JEDI cloud contract taking so long to award?
- How AI will transform technology leadership
- How IT pros are building resilience against email security threats
Download Current Issue

Latest Blog Posts

DevOps needs more perspective and humility – Write side up - by Freeform Dynamics
UK businesses at risk due to PSD2 security standard myths re-emerging – Fintech makes the world go around
View All Blogs

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

How to deal with the lack of chatbot standards

A lack of standards around chatbot development has created a situation in which enterprises are building and rebuilding bots. But...
RPA journey: Schneider Electric's global plan taps Blue Prism, UiPath

Schneider Electric, a multinational energy management company, has embarked on a robotic process automation journey, establishing...
Blurring the lines between RPA platforms and APIs

RPA is quickly making itself known in the automation market, but the real game changer is utilizing the technology in an API-rich...

SearchSecurity

Texas ransomware attack hits 22 municipalities, demands $2.5M

Ransomware attacks hit 22 municipalities around Texas, most of which appear to be smaller local governments, but the details ...
KNOB attack puts all Bluetooth devices at risk

Security researchers discovered a way to force Bluetooth devices to use easy-to-crack encryption keys, which could lead to ...
New network traffic analysis tools focus on security

Companies have used traffic data analytics to improve bandwidth and network performance. Now, though, a new class of tools taps ...

SearchNetworking

Gartner Hype Cycle deems software-defined networking obsolete

A Gartner report on enterprise networking has declared the definition of SDN and its architectural approach as deceased. Cause of...
The top 5 capabilities your edge infrastructure should have

The network edge plays a vital role in the future of networking and digital transformation. Make sure your infrastructure has ...
VMware acquisition of Veriflow to bolster vRealize platform

The VMware acquisition of Veriflow is expected to help vRealize users determine the integrity of a network design before it goes ...

SearchDataCenter

IBM Power chip instruction set now open source

IBM opened up its Power server Instruction Set Architecture allowing the open source community to develop more innovative ...
Big Switch updates its Cloud-First Networking portfolio

Big Switch Networks' new products and features aim to help solve issues such as lack of operational consistency, visibility and ...
How to get out of a bad colocation contract

Renegotiation, legal action and cancellation are all options if your colocation service agreement isn't up to par. But each ...

SearchDataManagement

ArangoDB 3.5 update improves multi-model database platform

ArangoDB 3.5 accelerates its database platform with improved query performance and enhanced data security capabilities, as market...
GDPR, AI intensify privacy and data protection compliance demands

This guide covers the challenges data management teams face on data protection and privacy, particularly with the rise of GDPR ...
SnapLogic boosts its data integration technology with AI

SnapLogic's latest update for its Intelligent Integration Platform aims to make it easier for users to benefit from data ...

Close