Short version: if you installed OpenSSH 3.2.2p1, 3.4p1, or 3.4 from the code on the OpenBSD FTP server on July 30th or 31st, you are vulnerable. The trojaned packages may have propagated to mirror sites.

Full version: http://online.securityfocus.com/archive/1/285554/2002-07-29/2002-08-04/0

Update: A partial list of mirrors carrying the trojaned code can be found at http://online.securityfocus.com/archive/1/285599/2002-07-29/2002-08-04/0

--
The hell with paco, vote for Erudil!
:wq

Replies are listed 'Best First'.
Re: (OT) OpenSSH distributions trojaned
by Anonymous Monk on Aug 02, 2002 at 10:36 UTC
    What is to keep the same thing from happening to CPAN?
[reply]

Back to Perl News