Subject: Re: Trojans in libpcap and tcpdump
To: Stefan Schumacher <stefan@net-tex.de>
From: David Maxwell <david@vex.net>
List: netbsd-users
Date: 11/13/2002 14:39:05
On Wed, Nov 13, 2002 at 06:52:38PM +0100, Stefan Schumacher wrote:
> Hi there,
>
> report was given that trojans were detected in libpcap and tcpdump.
>
> http://hlug.fscker.com/
>
> I fetched tcpdump and libpcap and took a look in the sources, seems so as
> if we IMHO are not affected.
That is correct.
I've been at the console of the tcpdump.org server today, working with
Michael Richardson to investigate the problem. He will release a
statement on the details at some point. The system was not running an
up to date version of NetBSD, so there is no indication that users with
up to date systems are vulnerable to some new bug.
The trojan was installed within the last two days. The signatures in
pkgsrc are eight _months_ old. Users installing from pkgsrc (source, or
binary packages) could not be affected by this trojan without
specifically overriding the incorrect signature on the distribution
file.
Michael's contact information is listed in the whois entry for the
tcpdump.org domain, but as far as I know, he did not receive a call
about this issue, it was slashdotted.
--
David Maxwell, david@vex.net|david@maxwell.net --> Mastery of UNIX, like
mastery of language, offers real freedom. The price of freedom is always dear,
but there's no substitute. Personally, I'd rather pay for my freedom than live
in a bitmapped, pop-up-happy dungeon like NT. - Thomas Scoville