On Wed, 2002-11-13 at 20:15, Lupe Christoph wrote: > Please read > >http://www.hlug.org/modules.php?op=modload&name=News&file=article&sid=6&mode=thread&order=0&thold=0 > > Is Debian affected?
If I read this (and the CERT advisory) correctly, the trojan only triggers at compile time, so I don't think normal Debian users are affected, only perhaps the maintainer himself. >From CA-2002-30 (CERT): II. Impact An intruder operating from (or able to impersonate) the remote address specified in the malicious code could gain unauthorized remote access to any host that compiled a version of tcpdump with this Trojan horse. The privilege level under which this malicious code would be executed would be that of the user who compiled the source code. "... any host that compiled ..." means to me that the Debian packages shouldn't be affected. -- Tot ziens, Bart-Jan Vrielink -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]