On 22/12/2015 09:24, Roberto Resoli wrote:
On 22/12/2015 07:35, Roberto Resoli wrote:
An analysis (caveat: *very* technical) of the backdoor, concerning the
choice of a vulnerable randomization mechanism:
https://rpw.sh/blog/2015/12/21/the-backdoored-backdoor/
The article is based on hdmoore's analysis, which is truly remarkable:
https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor
"The argument to the strcmp call is <<< %s(un='%s') = %u, which is the
backdoor password, and was presumably chosen so that it would be
mistaken for one of the many other debug format strings in the code.
This password allows an attacker to bypass authentication through SSH
and Telnet. If you want to test this issue by hand, telnet or ssh to a
Netscreen device, specify any username, and the backdoor password. If
the device is vulnerable, you should receive an interactive shell with
the highest privileges."
that is:
rob