warning on tcpdump and libcap
Paul Bryan
pa_bryan at yahoo.co.uk
Thu Nov 14 09:51:41 EST 2002
On Thursday 14 November 2002 02:33, Ian McCulloch wrote:
> On Wed, 13 Nov 2002, Ken Walker wrote:
> > warning on tcpdump and libcap
> >
> > I've just recieved the following, don't know if its true !
> >
> > >Hi,
> > >
> > >Apparently libpcap and tcpdump have been trojaned, in a similar way to
> > >openssh earlier this year. Information about how long this has been the
> > >case is sketchy. Trojaned versions appear to have made it out to a
> > >number of mirrors.
>
> [snip]
>
> It seems to be true. Slashdot are running a story on it now, you can
> still download the interesting code from
> http://mars.raketti.net/~mash/services , there is a shell script buried in
> what otherwise looks like an ordinary /etc/services file.
There's a CERT advisory for it now: CA-2002-30 Trojan Horse tcpdump and
libpcap Distributions.
Paul
More information about the linux
mailing list