More Security Issues?

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2003-11-02 10:17

This morning in the DC Dev Public hub, BSOD posted a forum post on DSLReports that linked to this page:

http://www.digitoday.fi/showPage.php?pa ... s_id=25214

He quoted the initial portion as being:
Digitoday have reviewed the DC++ code for a long period of time, and again we found more "vulnerabilities" and "errors" that allow the computer to be taken under control via internet and upload files onto the computer...Updates have been made recently to fix some of the holes, but not all...Digitoday has contacted CERT in Finland about these security holes and have worked together in publishing these exploits.
Of course we should be concerned... I know I haven't gotten any email on the subject, despite being listed on the sourceforge website. Arne, have you heard from these people?

In summary: WTF?

Post by GargoyleMT » 2003-11-02 11:18

[11:06] <Gadget> quick&dirty translation:
[11:06] <Gadget>
DC++ endangers business security

Digitoday wrote this spring about risks when using p2p software in companies. Risks and different kinds of security holes have grown exponentially during the last months.

Usage of p2p programs continues despite that; companies don't care about the notes of the bureau of communication, nor have they learned from earlier mistakes. Computer software, copyrighted music and movies are downloaded and shared as before.

Digitoday has investigated the dc++ source code for a long time. We again noticed too many different security leaks and errors in the code; using those leaks, a user can take control of the target computer and easily inspect or edit all files on the hard disk.

DC++ source is free and everybody can inspect it.


Into the computer

A person who shares files can take control and change settings of the target computer:

1. Add two backslashes to 8 rows in the source code.
2. Share a folder with 10 mp3s or a movie.
3. Make a subfolder to a folder, i.e. C:\Windows, and rename it differently in the dc++ file list ...like MUSIC.
4. Put any win.ini file in the "MUSIC" folder.
5. When somebody has uploaded the folder full of music, the shared win.ini file will replace the original win.ini file on his computer.

The person who downloaded the files can't easily notice the change.


Updates

The sharer can handle in the same way, i.e., the autoexec.bat file or any file on the hard disc. This opens great opportunities to hackers.

The program developer made improvements to the security yesterday and a new update is coming today. Numerous leaks still exist.


Illegal Office 2003

Corporations and private persons download and use illegal software anyway. We found new reasons why specific programs won't work as expected.

Microsoft Office 2003 has been available for download illegally for a long time. One version of Office 2003 is right now downloadable from 40 Finnish companies and 220 private persons. This specific version has a file size of 482406960 bytes.

The illegal version will install correctly on the computer, but after that the problems begin, because some of the files, like .dll files, have been changed and edited by crackers. This will cause serious problems in the future.

Digitoday has consulted the bureau of communications regarding dc++. The bureau didn't see any reason to publish any new notes, and pointed out that the advance warnings were sufficient.

arnetheduck
The Creator Himself
Posts: 296
Joined: 2003-01-02 17:15

Post by arnetheduck » 2003-11-03 06:42

Nope, never heard of them...
But it looks like they didn't contact me because they're against piracy and see dc++ as a piracy tool...if someone perhaps could see if they have something useful to say? Their exploit as described there, should imho be fixed in the latest release...

Post by GargoyleMT » 2003-11-03 12:31

From what I see, this isn't an exploit at all. They got the relative path thing correct, but they lost me at the "name it differently" in DC++. Sure, you could modify DC++ itself to call C:\Windows MUSIC, but a remote client only knows the name you publish...

I thought about ways to automatically exploit this... the only possibility I thought of is if ADLSearch strips paths... but users would still have to be pretty unsafe to download ntldr... and that wouldn't even work on 0.301.

I could be wrong here, but the article seems mostly hogwash..
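
A receiving client can close off the "relative path thing" discussed in this thread by refusing to build a local filename from any peer-published path that could leave the download directory. The following is an added example, not DC++ source and not code from any poster here; the function names and the rule set are hypothetical, and it assumes the issue is a published name carrying parent-directory, rooted, drive-qualified or doubled-separator components.

```cpp
#include <string>
#include <vector>

// Hypothetical helper (not DC++ code): split a peer-published path on both
// separators, because Windows accepts '/' as well as '\\'.
static std::vector<std::string> splitRemotePath(const std::string& p) {
    std::vector<std::string> parts;
    std::string cur;
    for (char c : p) {
        if (c == '\\' || c == '/') { parts.push_back(cur); cur.clear(); }
        else cur += c;
    }
    parts.push_back(cur);
    return parts;
}

// Returns true and fills `out` only when `remote` stays below `downloadDir`.
// Deliberately conservative: it rejects instead of trying to normalise.
bool resolveDownloadTarget(const std::string& downloadDir,
                           const std::string& remote, std::string& out) {
    if (remote.empty()) return false;
    std::string result = downloadDir;
    for (const std::string& part : splitRemotePath(remote)) {
        // Empty component: leading separator (rooted or UNC path),
        // trailing separator, or a doubled separator inside the name.
        if (part.empty()) return false;
        // "." and ".." would let the name walk out of the download directory.
        if (part == "." || part == "..") return false;
        // ':' covers drive letters ("C:") and NTFS alternate data streams.
        if (part.find(':') != std::string::npos) return false;
        // Windows strips trailing dots and spaces, so ".. " can alias "..".
        char last = part[part.size() - 1];
        if (last == '.' || last == ' ') return false;
        // Control characters have no place in a published file name.
        for (unsigned char c : part) if (c < 0x20) return false;
        result += '\\';
        result += part;
    }
    out = result;
    return true;
}
```

The check belongs at the point where the local filename is built from the remote file list, before any file is opened for writing.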
