[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Unreal ircd 3.2 clocking subsystem vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Unreal ircd 3.2 clocking subsystem vulnerability
From: bartavelle <bartavelle-anti-spam-thingie@xxxxxxxxxxxx>
Date: Mon, 05 Jul 2004 14:23:55 +0200

Software name:          Unreal ircd
Vulnerable versions:    3.2 and probably previous versions
Problem nature:         Information disclosure

Summary:
Unreal ircd is a popular irc server. One of the features it provides is
called 'ip cloaking'. The purpose of this system is to prevent hostile
irc users from getting the IP address of other users.

In order to prevent ip bruteforcing, it uses three 'keys'. However, the
hashing system is weak.

It is possible to recover the keys of several irc networks by knowing
only one clear text and hashed IP, and another hashed IP.

Details:
The IPv4 hashing scheme is the most vulnerable. Code from cloak.c
follows:

====
/* Do IPv4 cloaking here */
strlcpy(h1, host, sizeof h1);
i = 0;
for (i = 0, p = strtok(h1, "."); p && (i <= 3); p = strtok(NULL, "."), i++)
{
        strncpy(h2[i], p, 4);
}
ircsprintf(h3, "%s.%s", h2[0], h2[1]);
l[0] = ((our_crc32(h3, strlen(h3)) + KEY) ^ KEY2) + KEY3;
ircsprintf(h3, "%s.%s.%s", h2[0], h2[1], h2[2]);
l[1] = ((KEY2 ^ our_crc32(h3, strlen(h3))) + KEY3) ^ KEY;
l[4] = our_crc32(host, strlen(host));
l[2] = ((l[4] + KEY3) ^ KEY) + KEY2;
l[2] &= 0x3FFFFFFF;
l[0] &= 0x7FFFFFFF;
l[1] &= 0xFFFFFFFF;
snprintf(cloaked, sizeof cloaked, "%lX.%lX.%lX.IP", l[2], l[1], l[0]);
free(host);
return cloaked;
====

h2[0], h2[1], h2[2], h2[3] contain the four bytes of the original IP.
l[0], l[1], l[2] contain the hashed IP. Thus:

l[0] = (((crc32("1.2") + key1) ^ key2) + key3) & 0x7FFFFFFF;
l[1] = (((crc32("1.2.3") ^ key2) + key3) ^ key1) & 0xFFFFFFFF;
l[2] = (((crc32("1.2.3.4") + key3) ^ key1) + key2) & 0x3FFFFFFF;

crc32(xxx) and l[x] are is known. The three keys are used in such a way
that the n-th bit of any key does not affect bits bellow n in the hash.

We have successfully writen a program that bruteforces one bit at a
time. It takes less than one second to do that on a pentium4 1.8ghz.

Doing this on a known IP produces around 2000 possible key
combinations. It is then trivial to test them all in order to find the
working ones.

Solution:
Update to version 3.2.1

Up to date information:
http://www.bandecon.com/?action=advisory&adv=unreal

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] CYBSEC - Security Advisory: Denial of Service in IBM WebSphere Edge Server
Next by Date: Re: [Full-Disclosure] Public Review of OIS Security Vulnerability Reporting and Response Guidelines
Previous by thread: Re: [Full-Disclosure] Huge amounts of Citipank phishing spam seen this weekend.
Next by thread: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1747 - 32 msgs
Index(es):
- Date
- Thread