CVE
- Id
- 643
- CVE No.
- CVE-1999-0661
- Status
- Candidate
- Description
- A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
- Phase
- Modified (20050529)
- Votes
- ACCEPT(4) Baker, Hill, Northcutt, Wall | REVIEWING(1) Christey
- Comments
- Christey> Should add the specific CERT advisory references for | well-known Trojaned software. | TCP Wrappers -> CERT:CA-1999-01 | CERT:CA-1999-02 includes util-linux | wuarchive - CERT:CA-94.07 | IRC client - CERT:CA-1994-14 | Christey> BUGTRAQ:20020801 trojan horse in recent openssh (version 3.4 portable 1) | Modify description to use dot notation. | Christey> CERT:CA-2002-24 | URL:http://www.cert.org/advisories/CA-2002-24.html | XF:openssh-backdoor(9763) | URL:http://www.iss.net/security_center/static/9763.php | BID:5374 | URL:http://www.securityfocus.com/bid/5374 | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> Add libpcap and tcpdump: | BUGTRAQ:20021113 Latest libpcap & tcpdump sources from tcpdump.org contain a trojan | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103722456708471&w=2 | CERT:CA-2002-30 | URL:http://www.cert.org/advisories/CA-2002-30.html | | This CAN has been active for over 4 years. At this moment, my | thinking is that we should SPLIT this CAN into each separate | trojaned product, then create some criteria that restrict | creation of new CANs to "widespread" or "important" products only.
