mersenneforum.org


S78496 2003-04-09 15:27

Vulnerability in SETI@home - Is PrimeNet likewise vulnerable
 
This came to my attention recently.

Security flaw hits SETI@home - Updated: The flaw means that an attack could target any of the distributed computing project's millions of clients around the world (http://news.zdnet.co.uk/story/0,,t278-s2133025,00.html)

Anyone know about PrimeNet's design/practices in this regard?

crash893 2003-04-09 16:49

I'm going to have to say no

1) It was only SETI in screen saver mode

Prime doesn't have that, so I would say no

2) Prime95 doesn't have an option to auto update, so someone can't hijack the server and send you an updated trojan or something

cperciva 2003-04-09 16:53

I doubt prime95 has any vulnerabilities quite that obvious, but history demonstrates that anything not written by DJB is likely to have some security issues... that said, George is a pretty good coder, and the source code is publicly available, so I'd have to characterize the risk as low.

Still, cases like this make it clear that company-wide "no distributed computing" policies may be entirely justified.

ET_ 2003-04-11 11:20

Here is the description of the vulnerability related to Seti@home clients and server.

HTH
----------------
Vulnerable versions:
All versions under 3.08

The seti@home clients use the HTTP protocol to download new work units, user information and to register new users. The implementation leaves two security vulnerabilities:

1) All information is sent in plaintext across the network. This information includes the processor type and the operating system of the machine seti@home is running on.

Sniffing the information exposed by the seti@home client is trivial and very useful to a malicious person planning an attack on a network. A passive scan of machines on a network can be made using any packet sniffer to grab the information from the network.

2) There is a buffer overflow in the server response handler. Sending an overly large string followed by a newline ('\n') character to the client will trigger this overflow. This has been tested with various versions of the client. All versions are presumed to have this flaw in some form.

All tested clients have similar buffer overflows, which allowed setting eip to an arbitrary value which can lead to remote code execution. An attacker would have to reroute the connection the client tries to make to the seti@home webserver to a machine he or she controls. This can be done using various widely available spoofing tools. Seti@home also has the ability to use a HTTP-proxy, and an attacker could also use the machine the PROXY runs on as a base for this attack. Routers can also be used as a base for this attack.

3) A similar buffer overflow seems to affect the main seti@home server at shserver2.ssl.berkeley.edu. It closes the connection after receiving a too large string of bytes followed by a '\n'.

Exploitation of the bug in the server has not been tested. It should be noted that a successful exploitation of the bug in the server would offer a platform from which all seti@home clients can be exploited.
-------

Luigi
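
Added example, not part of the thread and not SETI@home code: item 2 of the advisory above describes an overly large string followed by '\n' overflowing the client's response handler, and this C sketch shows a bounded line reader that rejects such a line instead of copying it. The function names, return codes, 64-byte line buffer and sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

enum { LINE_OK = 0, LINE_TOO_LONG = -1, LINE_INCOMPLETE = -2 };

/* Hypothetical helper, not SETI@home code. Copies one '\n'-terminated line
 * from rx[*pos..rx_len) into out[out_cap]. The unsafe variant of this logic
 * copies until '\n' with no out_cap check, so the peer picks the write size. */
int read_response_line(const char *rx, size_t rx_len, size_t *pos,
                       char *out, size_t out_cap)
{
    if (out_cap == 0) return LINE_TOO_LONG;
    if (*pos >= rx_len) return LINE_INCOMPLETE;
    const char *start = rx + *pos;
    const char *nl = memchr(start, '\n', rx_len - *pos);
    if (nl == NULL) return LINE_INCOMPLETE;  /* need more data; consume nothing */
    size_t len = (size_t)(nl - start);
    *pos += len + 1;          /* skip the whole line so parsing stays in sync */
    if (len >= out_cap) {     /* no room for the line plus its terminator */
        out[0] = '\0';
        return LINE_TOO_LONG; /* reject instead of truncating silently */
    }
    memcpy(out, start, len);
    if (len > 0 && out[len - 1] == '\r') len--;  /* tolerate CRLF endings */
    out[len] = '\0';
    return LINE_OK;
}

/* Constructed input: a normal line, a 300-byte line, a normal line and an
 * unterminated tail. Returns the number of rejected lines. */
int demo_parse(int *accepted, size_t *consumed)
{
    char rx[400], line[64];
    size_t n = 0, pos = 0;
    int rc, rejected = 0;
    memcpy(rx + n, "HTTP/1.0 200 OK\r\n", 17); n += 17;
    memset(rx + n, 'A', 300); n += 300;
    rx[n++] = '\n';
    memcpy(rx + n, "key=value\n", 10); n += 10;
    memcpy(rx + n, "partial", 7); n += 7;
    *accepted = 0;
    while ((rc = read_response_line(rx, n, &pos, line, sizeof line)) != LINE_INCOMPLETE) {
        if (rc == LINE_OK) (*accepted)++; else rejected++;
    }
    *consumed = pos;
    return rejected;
}
```

A caller that keeps getting LINE_INCOMPLETE should also cap how many unterminated bytes it buffers and drop the connection past that limit.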

