RE: Security Breach Alert - CVS Home File Download Area Compromised
From: Conrad T. Pino
Subject: RE: Security Breach Alert - CVS Home File Download Area Compromised
Date: Mon, 24 Jan 2005 16:45:31 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi All,
> From: Conrad T. Pino
>
> =======================================================
> The Solaris i386 and Mac OS X binary are affected as
> follows:
>
> i. The 8 sampled files "*.gz.sig" will not download.
>
> ii. The 8 sampled files "*.gz" files start downloading
> with the expected file size but the download reaches
> the expected file size and then continues to a file
> size much larger than expected.
A preliminary check of downloaded content indicates the
download content may be a code payload:
============================================================================
A hexadecimal dump utility run on the reference (I:) and the download (U:) copy:
>dump i:cvs-1.12.11-Darwin-7.7.0-powerpc.gz > dumpi.txt
>dump u:cvs-1.12.11-Darwin-7.7.0-powerpc.gz > dumpu.txt
reveals "dumpi.txt" to be:
000000: 1F 8B 08 08 FA 88 E9 41 - 00 03 63 76 73 2D 31 2E ....z.iA..cvs-1.
000010: 31 32 2E 31 31 2D 44 61 - 72 77 69 6E 2D 37 2E 37 12.11-Darwin-7.7
000020: 2E 30 2D 70 6F 77 65 72 - 70 63 00 EC FD 7D 7C 54 .0-powerpc.l}}|T
000030: D5 F1 00 8C 9F BB BB D9 - 4D 30 B4 8B 2E 35 40 A2 Uq...;;YM04..5@"
000040: 89 04 1B 24 40 A8 D0 DE - B0 09 EC 86 50 2F 06 DA ...$@(P^0.l.P/.Z
000050: A0 A1 80 82 26 24 28 60 - 68 83 84 B2 D1 4D F6 2E !..&$(`h..2QMv.
000060: 59 DA 44 C1 06 02 35 48 - 92 26 40 14 2A 50 50 68 YZDA..5H.&@.*PPh
000070: 41 08 06 79 F9 82 42 0B - 0A 15 2A 20 51 A8 41 A1 A..yy.B...* Q(A!
000080: C5 0A 2D 54 70 9F 99 39 - E7 EE BD BB 09 B4 FD FD E.-Tp..9gn=;.4}}
000090: 9E 3F 1F 3E 9F 25 F7 E5 - DC F3 32 67 CE 9C 99 39 .?.>.%we\s2gN..9
0000A0: F3 F2 CD A5 7F FF 91 31 - 76 27 E3 FF 4C F0 BB 83 srM%...1v'c.Lp;.
0000B0: 31 6B 31 FC 5D 08 3F 09 - 7E F2 93 4F E6 BA 1F 1A 1k1|].?.~r.Of:..
0000C0: FD D8 E8 47 7E CC 0C FF - EC EC 16 FF 2C FC 3B 93 }XhG~L..ll..,|;.
0000D0: E3 C9 27 F3 46 4F CA 8B - F8 26 66 13 BF E4 7F 6D cI'sFOJ.x&f.?d.m
0000E0: F0 8B 12 7F D9 93 4F 96 - 4E F7 94 EA A5 3B 7F DF p...Y.O.Nw.j%;._
0000F0: 2B 83 D9 3E F0 C0 C7 19 - A2 AF F4 4F A5 26 B5 6F +.Y>p@G."/tO%&5o
and "dumpu.txt" to be:
000000: FE ED FA CE 00 00 00 12 - 00 00 00 00 00 00 00 02 ~mzN............
000010: 00 00 00 0B 00 00 06 6C - 00 00 00 85 00 00 00 01 .......l........
000020: 00 00 00 38 5F 5F 50 41 - 47 45 5A 45 52 4F 00 00 ...8__PAGEZERO..
000030: 00 00 00 00 00 00 00 00 - 00 00 10 00 00 00 00 00 ................
000040: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000050: 00 00 00 04 00 00 00 01 - 00 00 02 14 5F 5F 54 45 ............__TE
000060: 58 54 00 00 00 00 00 00 - 00 00 00 00 00 00 10 00 XT..............
000070: 00 09 B0 00 00 00 00 00 - 00 09 B0 00 00 00 00 07 ..0.......0.....
000080: 00 00 00 05 00 00 00 07 - 00 00 00 00 5F 5F 74 65 ............__te
000090: 78 74 00 00 00 00 00 00 - 00 00 00 00 5F 5F 54 45 xt..........__TE
0000A0: 58 54 00 00 00 00 00 00 - 00 00 00 00 00 00 19 3C XT.............<
0000B0: 00 07 D3 78 00 00 09 3C - 00 00 00 02 00 00 00 00 ..Sx...<........
0000C0: 00 00 00 00 80 00 04 00 - 00 00 00 00 00 00 00 00 ................
0000D0: 5F 5F 70 69 63 73 79 6D - 62 6F 6C 5F 73 74 75 62 __picsymbol_stub
0000E0: 5F 5F 54 45 58 54 00 00 - 00 00 00 00 00 00 00 00 __TEXT..........
0000F0: 00 07 EC B4 00 00 00 00 - 00 07 DC B4 00 00 00 02 ..l4......\4....
============================================================================
A hexadecimal dump utility run on the reference (I:) and the download (U:) copy:
>dump i:cvs-1.12.11-SunOS-5.8-i386.gz > dumpi.txt
>dump u:cvs-1.12.11-SunOS-5.8-i386.gz > dumpu.txt
reveals "dumpi.txt" to be:
000000: 1F 8B 08 08 F4 4F BF 41 - 00 03 63 76 73 2D 31 2E ....tO?A..cvs-1.
000010: 31 32 2E 31 31 2D 53 75 - 6E 4F 53 2D 35 2E 38 2D 12.11-SunOS-5.8-
000020: 69 33 38 36 00 8C 9B 07 - 78 54 45 F7 C6 17 48 76 i386....xTEwF.Hv
000030: CF DD 0D 29 10 8A 48 09 - 3D F4 00 01 03 84 1E 20 O].)..H.=t.....
000040: 52 03 44 6A 54 84 A8 34 - 11 21 08 2A 4A C0 20 48 R.DjT.(4.!.*J@ H
000050: 47 69 2A 6A 84 48 13 A5 - 88 02 0A 0A 02 4A 37 20 Gi*j.H.%.....J7
000060: 22 28 22 25 F8 21 20 04 - 0C 4D 50 BF 77 92 77 77 "("%x! ..MP?w.ww
000070: CF FF 7E 8B CF 7F 9F E7 - E5 9C DF 39 33 73 E7 CE O.~.O..ge._93sgN
000080: CE 9D 3B F7 6E 98 D0 AE - 73 FB 42 85 0A 39 BC 9F N.;wn.P.s{B..9<.
000090: C2 8E 22 0E 43 F3 A6 07 - 4B 2C EC 86 85 CD F2 E3 B.".Cs&.K,l..Mrc
0000A0: B1 8E 28 47 B0 23 DA 51 - CE 51 C6 E1 CC 67 A3 60 1.(G0#ZQNQFaLg#`
0000B0: 31 B9 4C 2A 98 6D 14 81 - 8E 38 FC 9F 08 DA 20 5A 19L*.m...8|..Z Z
0000C0: FF D1 0A EA F7 DB 6B E5 - 2B 98 59 93 4F 01 A7 EC .Q.jw[ke+.Y.O.'l
0000D0: 0D CB CF 9F 0F 71 38 CE - 55 72 38 5C CC 17 36 6D .KO..q8NUr8\L.6m
0000E0: 1D B0 A0 82 FC 31 B6 E6 - A2 AD 37 66 F4 A8 7A C3 .0 .|16f"-7ft(zC
0000F0: 87 0C AC 37 3C B5 EE E8 - A7 EB D6 37 B1 BE E8 54 ..,7<5nh'kV71>hT
and "dumpu.txt" to be:
000000: 7F 45 4C 46 01 01 01 00 - 00 00 00 00 00 00 00 00 .ELF............
000010: 02 00 03 00 01 00 00 00 - 94 8B 05 08 34 00 00 00 ............4...
000020: B4 97 3B 00 00 00 00 00 - 34 00 20 00 05 00 28 00 4.;.....4. ...(.
000030: 1D 00 1A 00 06 00 00 00 - 34 00 00 00 34 00 05 08 ........4...4...
000040: 00 00 00 00 A0 00 00 00 - A0 00 00 00 05 00 00 00 .... ... .......
000050: 00 00 00 00 03 00 00 00 - D4 00 00 00 00 00 00 00 ........T.......
000060: 00 00 00 00 11 00 00 00 - 00 00 00 00 04 00 00 00 ................
000070: 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 05 08 ................
000080: 00 00 00 00 5A CA 09 00 - 5A CA 09 00 05 00 00 00 ....ZJ..ZJ......
000090: 00 00 01 00 01 00 00 00 - 5C CA 09 00 5C CA 0F 08 ........\J..\J..
0000A0: 00 00 00 00 E8 0C 00 00 - E5 22 00 00 07 00 00 00 ....h...e"......
0000B0: 00 00 01 00 02 00 00 00 - 04 CD 09 00 04 CD 0F 08 .........M...M..
0000C0: 00 00 00 00 D8 00 00 00 - 00 00 00 00 07 00 00 00 ....X...........
0000D0: 00 00 00 00 2F 75 73 72 - 2F 6C 69 62 2F 6C 64 2E ..../usr/lib/ld.
0000E0: 73 6F 2E 31 00 00 00 00 - 59 03 00 00 57 03 00 00 so.1....Y...W...
0000F0: 01 00 00 00 00 00 00 00 - 02 00 00 00 03 00 00 00 ................
============================================================================
Best regards,
Conrad T. Pino
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBQfWWqrNM28ubzTo9EQLeHACeKM4JgAe1+RlXW7uwEVGFT/A3WYIAniA3
mLm3F+TUBSId/hf+40G8Bt5R
=y/+f
-----END PGP SIGNATURE-----
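
The comparison the dumps make by eye (gzip magic 1F 8B plus an embedded file name in the reference copies, Mach-O and ELF executable headers in the downloads) can be automated for any mirror check. This is an added example, not part of the original message; the function names are hypothetical and the byte strings are the leading bytes of the dumps above.

```python
import struct

# Leading bytes copied from the hex dumps in the message above.
REFERENCE_DARWIN = bytes.fromhex(
    "1F 8B 08 08 FA 88 E9 41 00 03 63 76 73 2D 31 2E"
    "31 32 2E 31 31 2D 44 61 72 77 69 6E 2D 37 2E 37"
    "2E 30 2D 70 6F 77 65 72 70 63 00 EC FD 7D 7C 54")
DOWNLOAD_DARWIN = bytes.fromhex("FE ED FA CE 00 00 00 12 00 00 00 00 00 00 00 02")
DOWNLOAD_SUNOS = bytes.fromhex("7F 45 4C 46 01 01 01 00 00 00 00 00 00 00 00 00")

MAGIC = [
    (b"\x1f\x8b", "gzip"),
    (b"\x7fELF", "ELF"),
    (b"\xfe\xed\xfa\xce", "Mach-O"),  # 32-bit big-endian
    (b"\xce\xfa\xed\xfe", "Mach-O"),  # 32-bit little-endian
    (b"\xfe\xed\xfa\xcf", "Mach-O"),  # 64-bit big-endian
    (b"\xcf\xfa\xed\xfe", "Mach-O"),  # 64-bit little-endian
]

def identify(head):
    """Name the container format from its leading magic bytes."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"

def gzip_original_name(head):
    """Return the FNAME field of a gzip header (RFC 1952), or None."""
    if len(head) < 10 or identify(head) != "gzip":
        return None
    flags, pos = head[3], 10
    if flags & 0x04:  # FEXTRA: 2-byte little-endian length, then that many bytes
        if len(head) < pos + 2:
            return None
        pos += 2 + struct.unpack_from("<H", head, pos)[0]
    if not flags & 0x08:  # FNAME flag not set
        return None
    end = head.find(b"\x00", pos)
    return head[pos:end].decode("latin-1") if end != -1 else None

def verify_gz(name, head):
    """Check that a file named *.gz is gzip and carries the expected inner name."""
    kind = identify(head)
    if kind != "gzip":
        return False, f"expected gzip, found {kind}"
    inner = gzip_original_name(head)
    if inner is not None and inner + ".gz" != name:
        return False, f"embedded name {inner!r} does not match"
    return True, f"gzip, embedded name {inner!r}"
```

A header check like this only flags content that is not what its name claims; it does not replace verifying the "*.gz.sig" signatures against a trusted key.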