lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ILEPILDHBOLAHHEIMALBEECIFGAA.jasonc@science.org>
Date: Fri, 25 Apr 2003 11:27:01 -1000
From: "Jason Coombs" <jasonc@...ence.org>
To: "Michael Howard" <mikehow@...rosoft.com>, <bugtraq@...urityfocus.com>
Cc: <full-disclosure@...ts.netsys.com>
Subject: RE: Windows Server 2003 Security Guide available


For all the progress Microsoft has made lately in understanding security, it's
the simple things that most of us take for granted as obvious that still get
overlooked for some reason.

Microsoft does not distribute these guides using SSL, so the distribution is
vulnerable to MITM attacks.

Anyone interested in downloading these guides must be aware that they are
distributed by Microsoft in the form of self-extracting .exe's bearing digital
signatures embedded in the Portable Executable file's header section. A
properly-constructed malicious .exe could, in principle, embed malicious code
in a PE file header such that the digital signature verification feature of
Windows Explorer could be attacked as signature verification is performed.
Therefore, trusting Windows Explorer to verify the digital signature applied
to .exe's that you download from an untrustworthy remote server (one that does
not use SSL, for example) may itself result in the execution of arbitrary
malicious code selected by the MITM.

Assuming that you're willing to take this risk (which you should do on an
isolated test box for extra safety) you must also be aware that Microsoft
doesn't bother to tell you how you will know if the .exe's signature is the
one they applied; here is what appears to be the public key and thumbprint for
each signature, if you see anything else you should assume that the .exe is
not trustworthy (why Microsoft insists on distributing .exe's for
documentation is another question that we'll probably never get answered):

Each file appears to be signed with the following certificate chain:

certificate subject:

CN = Microsoft Corporation
OU = Copyright (c) 2002 Microsoft Corp.
O = Microsoft Corporation
L = Redmond
S = Washington
C = US

certificate issuer:

CN = Microsoft Code Signing PCA
OU = Copyright (c) 2000 Microsoft Corp.
O = Microsoft Corporation
L = Redmond
S = Washington
C = US

root certificate:

CN = Microsoft Root Authority
OU = Microsoft Corporation
OU = Copyright (c) 1997 Microsoft Corp.

certificate public key:

3082 010A 0282 0101 00AA 99BD 39A8 1827 F42B 3D0B 4C3F 7C77 2EA7 CBB5 D18C
0DC2 3A74 D793 B5E0 A04B 3F59 5ECE 454F 9A79 29F1 49CC 1A47 EE55 C208 3E12
20F8 55F2 EE5F D3E0 CA96 BC30 DEFE 58C8 2732 D085 54E8 F091 10BB F32B BE19
E503 9B0B 861D F3B0 398C B8FD 0B1D 3C73 26AC 572B CA29 A215 9082 15E2 77A3
4052 038B 9DC2 70BA 1FE9 34F6 F335 924E 5583 F8DA 30B6 20DE 5706 B55A 4206
DE59 CBF2 DFA6 BD15 4771 1925 23D2 CB6F 9B19 79DF 6A5B F176 0579 29FC C356
CA8F 4408 8555 8ACB C80F 464B 55CB 8C96 774A 87E8 A941 06C7 FF0D E968 5763
72C3 6957 B443 CF32 3A30 DC1B E9D5 4326 2A79 FE95 DB22 6724 C92F D034 E3E6
FB51 4986 B83C D025 5FD6 EC9E 0361 87A9 6840 C7F8 E203 E6CF 0502 0301 0001

The files are as follows:

Windows Server 2003 Security Guide:
http://go.microsoft.com/fwlink/?LinkId=14845

filename: Windows_Server_2003_Security_Guide.exe
size: 2.33 MB (2,452,088 bytes)

timestamp: Thursday, April 24, 2003 1:31:41 PM

signature sha1 hash: 04 14 4A 56 67 F6 CF 44 58 E4 05 F9 76 54 3C 03 8F 01 73
7A 5A ED

file's SIP sha1 hash:
66-61-CF-B9-0B-EB-F5-A8-37-5A-F4-A2-B7-10-57-BE-6B-F5-83-72

full-file sha1 hash: 6661cfb90bebf5a8375af4a2b71057be6bf58372

--

Threats and Countermeasures: Security Settings in Windows Server 2003
and Windows XP
http://go.microsoft.com/fwlink/?LinkId=15159

filename: Threats_and_Countermeasures_Guide.exe
size: 1.45 MB (1,522,296 bytes)

timestamp: Thursday, April 24, 2003 1:31:11 PM

signature sha1 hash: 04 14 FF 07 49 0F 8B 6A 38 DF BD B9 85 5F 43 54 04 D7 8F
7D 6C 1B

file's SIP sha1 hash:
2C-14-BE-90-4D-47-A9-66-56-07-20-72-1C-C3-3B-9D-76-23-6D-13

full-file sha1 hash: 2c14be904d47a966560720721cc33b9d76236d13

--

MSS Glossary:
http://go.microsoft.com/fwlink/?LinkId=16256

filename: Microsoft_Solutions_for_Security_Glossary.exe
size: 494 KB (506,440 bytes)

timestamp: Thursday, April 24, 2003 10:52:16 AM

signature sha1 hash: 04 14 9C 95 C3 92 93 D6 E1 B7 99 AA A2 EE 42 D9 00 7F E8
DE 15 17

file's SIP sha1 hash:
51-96-51-F5-0F-94-FD-33-79-CA-63-E9-36-63-59-5D-6F-D0-E1-FC

full-file sha1 hash: 519651f50f94fd3379ca63e93663595d6fd0e1fc

--

For each file listed above there is a "full-file sha1 hash" which can be
verified using any full-file sha1 hashing utility. Microsoft does not provide
any such utility, so this is by far the most trustworthy method to ascertain
that the file is what you expect it to be.

For each file listed above, the "file's SIP sha1 hash" is the sha1 hash
produced using the Microsoft Crypto API's SIP hashing provider. The following
C# code will produce this hash for you on the command line, so that you can
verify the SIP hash of each .exe file before you attempt to verify its
attached digital signature:

using System;
using System.Security.Cryptography;
using System.IO;

namespace sha1hasher
{
	class Class1
	{
		[STAThread]
		static void Main(string[] args)
		{
			HashAlgorithm sha = SHA1Managed.Create();
			FileStream fs;
			byte[] hash;
			FileInfo[] fi = new
DirectoryInfo(Directory.GetCurrentDirectory()).GetFiles();
			foreach(FileInfo f in fi)
			{
				try
				{
					fs = f.Open(FileMode.Open);
					hash = sha.ComputeHash(fs);
					System.Console.WriteLine(f.Name + ": " + BitConverter.ToString(hash));
					fs.Close();
				}
				catch(Exception ex) {
					System.Console.WriteLine(ex);
				}
			}
		}
	}
}

Microsoft makes this all much more complicated than it needs to be, which is a
vulnerability in and of itself.

I strongly urge Microsoft to stop distributing documentation in .exe format,
as this whole method of digital signature management is ill-conceived and
poorly-implemented.

If you encounter any hash other than the ones listed above, report it to
Microsoft. You can also e-mail me and I'll assist you in determining the
reason for the hash verification failure. This is no more, and no less, than
Microsoft themselves should be offering to do, considering that they are the
ones placing you at risk by refusing to follow industry standard best
practices.

For every .exe that Microsoft distributes, it should consider publishing a
known good full-file hash code so that a hash verification tool of the user's
choice can be used, on a platform of the user's choice, to verify that the
file received over the network is the file they expected -- BEFORE attempting
to use a tool like Windows Explorer to read structured information such as
digital signature data out of the PE file's header sections. Each such attempt
to interpret structured data from inside the PE file's header sections may
result in a buffer overflow attack if there are exploitable bugs present in
the tool used to parse these structured data fields.

Sincerely,

Jason Coombs
jasonc@...ence.org

-----Original Message-----
From: Michael Howard [mailto:mikehow@...rosoft.com]
Sent: Thursday, April 24, 2003 6:36 PM
To: bugtraq@...urityfocus.com
Subject: Windows Server 2003 Security Guide available


Microsoft Security Solutions is happy to announce the release of the
_Windows Server 2003 Security Guide_ and its companion guide, _Threats
and Countermeasures: Security Settings in Windows Server 2003 and
Windows XP_.

...

The guides can be found online at:

...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ