openssh
Trojan Horse in OpenSSH Distribution Files
Malicious code was discovered in OpenSSH distribution files on the official OpenBSD FTP server. The trojan was inserted into the source code archives and would activate during compilation, connecting to a remote server on IRC port 6667 and allowing arbitrary command execution. The backdoor was discovered quickly and the compromised files were replaced with clean versions before widespread damage could occur.
- Date: 2002-07-30 to 2002-08-01
- Category: Open Source
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Limited
- Cause: Sabotage
What Was Affected
Package: openssh
Language: C
Component: Application
Artifact type: tar archive
Domain type: code distribution
Domain: openssh.com
Compromised Versions
- 3.2.2p1
- 3.4p1
- 3.4
Incident Context
- Motive: Unauthorized Access/Control
- Transitive: No
- Observed Duration: 2 days
Evidence
Compromised Artifacts
- ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-3.4p1.tar.gz
- ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-3.4.tgz
- ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-3.2.2p1.tar.gz
Current Artifacts and Analysis
Indicators and Changes
Hashes
md5:3ac9bc346d736b4a51d676faa2a08a57
Commits
None
External References
Source Data
Source record: oss/openssh/meta.yaml