View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003939 | Kali Linux | Kali Package Bug | public | 2017-03-30 09:46 | 2017-03-30 10:18 |
Reporter | dr4kk4r | Assigned To | rhertzog |
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | no change required |
Product Version | 2016.2 |
Summary | 0003939: openssh package infected with backdoor - OpenSSH_7.4p1 Debian-9, OpenSSL 1.0.2k 26 Jan 2017 |
Description | In late 2013, security researchers identified thousands of Linux systems around the world infected with the OpenSSH backdoor trojan and credential stealer named Linux/Ebury, which allows remote attackers unauthorized access to an affected computer. Antivirus firm ESET's research team has been tracking and investigating the operation behind Linux/Ebury, and today the team uncovers the details [Report PDF] of a massive, sophisticated and organized malware campaign called 'Operation Windigo', which infected more than 500,000 computers and 25,000 dedicated servers. kali-linux old fix: 0001096: openssh package infected with backdoor fix (closed) |
Steps To Reproduce | Execute this little command in terminal:

My System

```
uname -a
ssh -V
ssh -G
ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
ls -1altr /var/cache/apt/archives/openssh*
cat /etc/apt/sources.list
```

This old check is no longer working... a real -G option has been added in version 6.9 of OpenSSH so the command line test is ineffective. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796599 for a longer explanation. Kali is not infected by Ebury.
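
The version dependence described in the reply above, as an added example (not part of the original issue and not Kali or Debian tooling): the `ssh -G` heuristic is only interpreted when the reported OpenSSH version predates 6.9, and is marked not applicable otherwise. The function names and result labels are illustrative assumptions, and the banners passed in are constructed samples apart from the one quoted in the issue summary.

```shell
#!/bin/sh
# Added example: gate the legacy "ssh -G" Ebury heuristic on the OpenSSH version.
# Function names and result labels are illustrative, not from any real tool.

# Extract "major.minor" from an `ssh -V` banner (ssh prints it on stderr),
# e.g. "OpenSSH_7.4p1 Debian-9, OpenSSL 1.0.2k 26 Jan 2017" -> "7.4".
ssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# Succeed if this version ships a genuine -G option (6.9 or later).
has_real_G() {
    major=${1%%.*}
    minor=${1#*.}
    [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 9 ]; }
}

# classify_G_check <ssh -V banner> <combined output of `ssh -G`>
# Prints: unknown-version | not-applicable | clean | suspicious
classify_G_check() {
    ver=$(ssh_version "$1")
    if [ -z "$ver" ]; then
        echo unknown-version
    elif has_real_G "$ver"; then
        # -G is a legitimate option here, so ssh accepting it proves nothing.
        echo not-applicable
    elif printf '%s\n' "$2" | grep -q -e illegal -e unknown; then
        # Pre-6.9 client rejects -G, which is the expected behaviour.
        echo clean
    else
        # Pre-6.9 client accepted -G: treat as a lead to investigate.
        echo suspicious
    fi
}

# Banner from the issue summary: the heuristic cannot be applied to it.
classify_G_check 'OpenSSH_7.4p1 Debian-9, OpenSSL 1.0.2k 26 Jan 2017' ''
```

On a live system the two arguments would be `"$(ssh -V 2>&1)"` and `"$(ssh -G 2>&1)"`.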