[<prev] [next>] [day] [month] [year] [list]
Message-ID: <40E938A3.8060903@bandecon.com>
Date: Mon, 05 Jul 2004 13:16:51 +0200
From: bartavelle <bartavelle@...decon.com>
To: bugtraq@...urityfocus.com
Subject: unreal ircd ip cloaking subsystem vulnerability
Software name: Unreal ircd
Vulnerable versions: 3.2 and probably previous versions
Problem nature: Information disclosure
Summary:
Unreal ircd is a popular irc server. One of the features it provides is
called 'ip cloaking'. The purpose of this system is to prevent hostile
irc users from getting the IP address of other users.
In order to prevent ip bruteforcing, it uses three 'keys'. However, the
hashing system is weak.
It is possible to recover the keys of several irc networks by knowing
only one clear text and hashed IP, and another hashed IP.
Details:
The IPv4 hashing scheme is the most vulnerable. Code from cloak.c
follows:
====
/* Do IPv4 cloaking here */
strlcpy(h1, host, sizeof h1);
i = 0;
for (i = 0, p = strtok(h1, "."); p && (i <= 3); p = strtok(NULL, "."), i++)
{
strncpy(h2[i], p, 4);
}
ircsprintf(h3, "%s.%s", h2[0], h2[1]);
l[0] = ((our_crc32(h3, strlen(h3)) + KEY) ^ KEY2) + KEY3;
ircsprintf(h3, "%s.%s.%s", h2[0], h2[1], h2[2]);
l[1] = ((KEY2 ^ our_crc32(h3, strlen(h3))) + KEY3) ^ KEY;
l[4] = our_crc32(host, strlen(host));
l[2] = ((l[4] + KEY3) ^ KEY) + KEY2;
l[2] &= 0x3FFFFFFF;
l[0] &= 0x7FFFFFFF;
l[1] &= 0xFFFFFFFF;
snprintf(cloaked, sizeof cloaked, "%lX.%lX.%lX.IP", l[2], l[1], l[0]);
free(host);
return cloaked;
====
h2[0], h2[1], h2[2], h2[3] contain the four bytes of the original IP.
l[0], l[1], l[2] contain the hashed IP. Thus:
l[0] = (((crc32("1.2") + key1) ^ key2) + key3) & 0x7FFFFFFF;
l[1] = (((crc32("1.2.3") ^ key2) + key3) ^ key1) & 0xFFFFFFFF;
l[2] = (((crc32("1.2.3.4") + key3) ^ key1) + key2) & 0x3FFFFFFF;
crc32(xxx) and l[x] are is known. The three keys are used in such a way
that the n-th bit of any key does not affect bits bellow n in the hash.
We have successfully writen a program that bruteforces one bit at a
time. It takes less than one second to do that on a pentium4 1.8ghz.
Doing this on a known IP produces around 2000 possible key
combinations. It is then trivial to test them all in order to find the
working ones.
Solution:
Update to version 3.2.1
Up to date advisory:
http://www.bandecon.com/advisory/unreal.txt
Powered by blists - more mailing lists