[oclug] Re: libcrypto.so.0.9.6 modified

Adrian Irving-Beer wisq-oclug at wisq.net
Fri Feb 4 14:12:46 EST 2005


On Thu, Feb 03, 2005 at 12:51:55PM -0500, Patrick O'Halloran wrote:

> >Including security patches, and even after downloading the latest
> >package listings?
>
> Absolutely.  I guess I should note that I am running the stable
> branch.  Any need to be concerned about the versions of SSH or
> OpenSSL used in Woody Stable?

I hope not. ;)

> >Intrusion or an attempt is not out of the question.  This is why I
> >always try to keep /usr mounted read-only.
>
> Yes, intrusion is a possibility but the system seems fine in every
> other way.  There is nothing else troubling in any other log files,
> no binaries flagged as modified, no new accounts created, no strange
> processes, no strange directories, no root kits found, etc, etc.

The fact that OpenSSH (and Debian by extension) tends to remain fairly
up to date with regard to SSH security also supports this.

Of course, bear in mind that it could also just be a failed attempt.
In any case, perhaps there's some way to run a binary diff and examine
it.  Are the file sizes different?
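
The size check and binary diff suggested above, as an added example that is not part of the original message: it compares a suspect file against a reference copy and reports sizes, SHA-256 digests and the byte ranges that differ, so a localized change stands out from a wholesale replacement. The function names, the `gap` parameter and the sample bytes are constructed for illustration; where the reference copy comes from is left to the reader.

```python
import hashlib
from pathlib import Path

def diff_ranges(a: bytes, b: bytes, gap: int = 16):
    """Return (start, end) offset ranges where a and b differ, merging
    differences separated by fewer than `gap` identical bytes."""
    ranges = []
    common = min(len(a), len(b))
    for i in range(common):
        if a[i] != b[i]:
            if ranges and i - ranges[-1][1] < gap:
                ranges[-1][1] = i + 1      # extend the current range
            else:
                ranges.append([i, i + 1])  # start a new range
    if len(a) != len(b):
        # Bytes past the end of the shorter file are one trailing difference.
        ranges.append([common, max(len(a), len(b))])
    return [tuple(r) for r in ranges]

def compare_files(suspect, reference):
    """Compare two files byte for byte and summarize the result."""
    a, b = Path(suspect).read_bytes(), Path(reference).read_bytes()
    return {
        "size_suspect": len(a),
        "size_reference": len(b),
        "sha256_suspect": hashlib.sha256(a).hexdigest(),
        "sha256_reference": hashlib.sha256(b).hexdigest(),
        "identical": a == b,
        "ranges": diff_ranges(a, b),
    }

if __name__ == "__main__":
    import sys, tempfile
    if len(sys.argv) == 3:
        paths = sys.argv[1:]               # SUSPECT REFERENCE
    else:
        # Constructed sample data: a reference blob and a copy with 3 bytes flipped.
        ref = bytes(range(256)) * 4
        bad = bytearray(ref)
        for off in (100, 105, 900):
            bad[off] ^= 0xFF
        d = Path(tempfile.mkdtemp())
        paths = [d / "suspect.bin", d / "reference.bin"]
        paths[0].write_bytes(bytes(bad))
        paths[1].write_bytes(ref)
    for key, value in compare_files(*paths).items():
        print(f"{key}: {value}")
```

Equal sizes with a few short differing ranges point to an in-place modification; a size change or differences spread across the whole file suggest a different build of the library.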