info-cvs

RE: Security Breach Alert - CVS Home File Download Area Compromised


From: Conrad T. Pino
Subject: RE: Security Breach Alert - CVS Home File Download Area Compromised
Date: Mon, 24 Jan 2005 16:45:31 -0800

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All,

> From: Conrad T. Pino
>  
> =======================================================
> The Solaris i386 and Mac OS X binary are affected as
> follows:
> 
> i. The 8 sampled files "*.gz.sig" will not download.
> 
> ii. The 8 sampled files "*.gz" files start downloading
> with the expected file size but the download reaches
> the expected file size and then continues to a file
> size much larger than expected.

A preliminary check of downloaded content indicates the
download content may be a code payload:
============================================================================
A hexadecimal dump utility of reference (I:) and the download (U:) copy:

>dump i:cvs-1.12.11-Darwin-7.7.0-powerpc.gz > dumpi.txt
>dump u:cvs-1.12.11-Darwin-7.7.0-powerpc.gz > dumpu.txt

reveals "dumpi.txt" to be:

000000:  1F 8B 08 08 FA 88 E9 41 - 00 03 63 76 73 2D 31 2E  ....z.iA..cvs-1.
000010:  31 32 2E 31 31 2D 44 61 - 72 77 69 6E 2D 37 2E 37  12.11-Darwin-7.7
000020:  2E 30 2D 70 6F 77 65 72 - 70 63 00 EC FD 7D 7C 54  .0-powerpc.l}}|T
000030:  D5 F1 00 8C 9F BB BB D9 - 4D 30 B4 8B 2E 35 40 A2  Uq...;;YM04..5@"
000040:  89 04 1B 24 40 A8 D0 DE - B0 09 EC 86 50 2F 06 DA  ...$@(P^0.l.P/.Z
000050:  A0 A1 80 82 26 24 28 60 - 68 83 84 B2 D1 4D F6 2E   !..&$(`h..2QMv.
000060:  59 DA 44 C1 06 02 35 48 - 92 26 40 14 2A 50 50 68  YZDA..5H.&@.*PPh
000070:  41 08 06 79 F9 82 42 0B - 0A 15 2A 20 51 A8 41 A1  A..yy.B...* Q(A!

000080:  C5 0A 2D 54 70 9F 99 39 - E7 EE BD BB 09 B4 FD FD  E.-Tp..9gn=;.4}}
000090:  9E 3F 1F 3E 9F 25 F7 E5 - DC F3 32 67 CE 9C 99 39  .?.>.%we\s2gN..9
0000A0:  F3 F2 CD A5 7F FF 91 31 - 76 27 E3 FF 4C F0 BB 83  srM%...1v'c.Lp;.
0000B0:  31 6B 31 FC 5D 08 3F 09 - 7E F2 93 4F E6 BA 1F 1A  1k1|].?.~r.Of:..
0000C0:  FD D8 E8 47 7E CC 0C FF - EC EC 16 FF 2C FC 3B 93  }XhG~L..ll..,|;.
0000D0:  E3 C9 27 F3 46 4F CA 8B - F8 26 66 13 BF E4 7F 6D  cI'sFOJ.x&f.?d.m
0000E0:  F0 8B 12 7F D9 93 4F 96 - 4E F7 94 EA A5 3B 7F DF  p...Y.O.Nw.j%;._
0000F0:  2B 83 D9 3E F0 C0 C7 19 - A2 AF F4 4F A5 26 B5 6F  +.Y>p@G."/tO%&5o

and "dumpu.txt" to be:

000000:  FE ED FA CE 00 00 00 12 - 00 00 00 00 00 00 00 02  ~mzN............
000010:  00 00 00 0B 00 00 06 6C - 00 00 00 85 00 00 00 01  .......l........
000020:  00 00 00 38 5F 5F 50 41 - 47 45 5A 45 52 4F 00 00  ...8__PAGEZERO..
000030:  00 00 00 00 00 00 00 00 - 00 00 10 00 00 00 00 00  ................
000040:  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
000050:  00 00 00 04 00 00 00 01 - 00 00 02 14 5F 5F 54 45  ............__TE
000060:  58 54 00 00 00 00 00 00 - 00 00 00 00 00 00 10 00  XT..............
000070:  00 09 B0 00 00 00 00 00 - 00 09 B0 00 00 00 00 07  ..0.......0.....

000080:  00 00 00 05 00 00 00 07 - 00 00 00 00 5F 5F 74 65  ............__te
000090:  78 74 00 00 00 00 00 00 - 00 00 00 00 5F 5F 54 45  xt..........__TE
0000A0:  58 54 00 00 00 00 00 00 - 00 00 00 00 00 00 19 3C  XT.............<
0000B0:  00 07 D3 78 00 00 09 3C - 00 00 00 02 00 00 00 00  ..Sx...<........
0000C0:  00 00 00 00 80 00 04 00 - 00 00 00 00 00 00 00 00  ................
0000D0:  5F 5F 70 69 63 73 79 6D - 62 6F 6C 5F 73 74 75 62  __picsymbol_stub
0000E0:  5F 5F 54 45 58 54 00 00 - 00 00 00 00 00 00 00 00  __TEXT..........
0000F0:  00 07 EC B4 00 00 00 00 - 00 07 DC B4 00 00 00 02  ..l4......\4....
============================================================================
A hexadecimal dump utility of reference (I:) and the download (U:) copy:

>dump i:cvs-1.12.11-SunOS-5.8-i386.gz > dumpi.txt
>dump u:cvs-1.12.11-SunOS-5.8-i386.gz > dumpu.txt

reveals "dumpi.txt" to be:

000000:  1F 8B 08 08 F4 4F BF 41 - 00 03 63 76 73 2D 31 2E  ....tO?A..cvs-1.
000010:  31 32 2E 31 31 2D 53 75 - 6E 4F 53 2D 35 2E 38 2D  12.11-SunOS-5.8-
000020:  69 33 38 36 00 8C 9B 07 - 78 54 45 F7 C6 17 48 76  i386....xTEwF.Hv
000030:  CF DD 0D 29 10 8A 48 09 - 3D F4 00 01 03 84 1E 20  O].)..H.=t..... 
000040:  52 03 44 6A 54 84 A8 34 - 11 21 08 2A 4A C0 20 48  R.DjT.(4.!.*J@ H
000050:  47 69 2A 6A 84 48 13 A5 - 88 02 0A 0A 02 4A 37 20  Gi*j.H.%.....J7 
000060:  22 28 22 25 F8 21 20 04 - 0C 4D 50 BF 77 92 77 77  "("%x! ..MP?w.ww
000070:  CF FF 7E 8B CF 7F 9F E7 - E5 9C DF 39 33 73 E7 CE  O.~.O..ge._93sgN

000080:  CE 9D 3B F7 6E 98 D0 AE - 73 FB 42 85 0A 39 BC 9F  N.;wn.P.s{B..9<.
000090:  C2 8E 22 0E 43 F3 A6 07 - 4B 2C EC 86 85 CD F2 E3  B.".Cs&.K,l..Mrc
0000A0:  B1 8E 28 47 B0 23 DA 51 - CE 51 C6 E1 CC 67 A3 60  1.(G0#ZQNQFaLg#`
0000B0:  31 B9 4C 2A 98 6D 14 81 - 8E 38 FC 9F 08 DA 20 5A  19L*.m...8|..Z Z
0000C0:  FF D1 0A EA F7 DB 6B E5 - 2B 98 59 93 4F 01 A7 EC  .Q.jw[ke+.Y.O.'l
0000D0:  0D CB CF 9F 0F 71 38 CE - 55 72 38 5C CC 17 36 6D  .KO..q8NUr8\L.6m
0000E0:  1D B0 A0 82 FC 31 B6 E6 - A2 AD 37 66 F4 A8 7A C3  .0 .|16f"-7ft(zC
0000F0:  87 0C AC 37 3C B5 EE E8 - A7 EB D6 37 B1 BE E8 54  ..,7<5nh'kV71>hT

and "dumpu.txt" to be:

000000:  7F 45 4C 46 01 01 01 00 - 00 00 00 00 00 00 00 00  .ELF............
000010:  02 00 03 00 01 00 00 00 - 94 8B 05 08 34 00 00 00  ............4...
000020:  B4 97 3B 00 00 00 00 00 - 34 00 20 00 05 00 28 00  4.;.....4. ...(.
000030:  1D 00 1A 00 06 00 00 00 - 34 00 00 00 34 00 05 08  ........4...4...
000040:  00 00 00 00 A0 00 00 00 - A0 00 00 00 05 00 00 00  .... ... .......
000050:  00 00 00 00 03 00 00 00 - D4 00 00 00 00 00 00 00  ........T.......
000060:  00 00 00 00 11 00 00 00 - 00 00 00 00 04 00 00 00  ................
000070:  00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 05 08  ................

000080:  00 00 00 00 5A CA 09 00 - 5A CA 09 00 05 00 00 00  ....ZJ..ZJ......
000090:  00 00 01 00 01 00 00 00 - 5C CA 09 00 5C CA 0F 08  ........\J..\J..
0000A0:  00 00 00 00 E8 0C 00 00 - E5 22 00 00 07 00 00 00  ....h...e"......
0000B0:  00 00 01 00 02 00 00 00 - 04 CD 09 00 04 CD 0F 08  .........M...M..
0000C0:  00 00 00 00 D8 00 00 00 - 00 00 00 00 07 00 00 00  ....X...........
0000D0:  00 00 00 00 2F 75 73 72 - 2F 6C 69 62 2F 6C 64 2E  ..../usr/lib/ld.
0000E0:  73 6F 2E 31 00 00 00 00 - 59 03 00 00 57 03 00 00  so.1....Y...W...
0000F0:  01 00 00 00 00 00 00 00 - 02 00 00 00 03 00 00 00  ................
============================================================================
Best regards,

Conrad T. Pino

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBQfWWqrNM28ubzTo9EQLeHACeKM4JgAe1+RlXW7uwEVGFT/A3WYIAniA3
mLm3F+TUBSId/hf+40G8Bt5R
=y/+f
-----END PGP SIGNATURE-----
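
The by-hand comparison in the message above, as an added example that is not part of the original post: a Python check that a file named "*.gz" really begins with a gzip header whose stored name matches the file name, and otherwise reports which executable format it starts with. The sample bytes are copied from the dumps above; the function name and verdict strings are assumptions of this example.

```python
import os
import struct

# Leading bytes copied from the hex dumps in the message above.
REFERENCE_DARWIN = bytes.fromhex(
    "1F8B0808FA88E94100036376732D312E"
    "31322E31312D44617277696E2D372E37"
    "2E302D706F776572706300ECFD7D7C54")
DOWNLOAD_DARWIN = bytes.fromhex("FEEDFACE000000120000000000000002")
DOWNLOAD_SUNOS = bytes.fromhex(
    "7F454C46010101000000000000000000"
    "0200030001000000948B050834000000")


def classify_gz_download(filename, head):
    """Return (verdict, detail) for the first bytes of a file named *.gz."""
    if head[:2] == b"\x1f\x8b":                      # gzip ID1, ID2 (RFC 1952)
        if len(head) < 10 or head[2] != 8:
            return "suspect", "gzip magic, but header short or method not deflate"
        flags, pos = head[3], 10
        if flags & 0x04:                             # FEXTRA precedes the name
            if len(head) < 12:
                return "suspect", "gzip header truncated in FEXTRA"
            pos += 2 + struct.unpack_from("<H", head, 10)[0]
        if flags & 0x08:                             # FNAME: NUL-terminated
            end = head.find(b"\0", pos)
            if end < 0:
                return "suspect", "gzip FNAME not terminated within sample"
            stored = head[pos:end].decode("latin-1")
            if stored != os.path.basename(filename)[:-len(".gz")]:
                return "suspect", "gzip header stores name %r" % stored
        return "gzip", "header consistent with file name"
    if head[:4] == b"\xfe\xed\xfa\xce" and len(head) >= 16:
        cpu, _sub, ftype = struct.unpack_from(">3I", head, 4)
        return "not-gzip", "Mach-O 32-bit big-endian cputype=%d filetype=%d" % (cpu, ftype)
    if head[:4] == b"\x7fELF" and len(head) >= 20:
        order = "<" if head[5] == 1 else ">"         # EI_DATA
        e_type, e_machine = struct.unpack_from(order + "2H", head, 16)
        return "not-gzip", "ELF class=%d e_type=%d e_machine=%d" % (
            head[4], e_type, e_machine)
    return "not-gzip", "unrecognised leading bytes " + head[:4].hex()


if __name__ == "__main__":
    for name, head in [("cvs-1.12.11-Darwin-7.7.0-powerpc.gz", REFERENCE_DARWIN),
                       ("cvs-1.12.11-Darwin-7.7.0-powerpc.gz", DOWNLOAD_DARWIN),
                       ("cvs-1.12.11-SunOS-5.8-i386.gz", DOWNLOAD_SUNOS)]:
        print(name, *classify_gz_download(name, head))
```

In the Mach-O header, cputype 18 is PowerPC and filetype 2 is an executable; in the ELF header, e_type 2 is an executable and e_machine 3 is Intel 80386.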




