[RC5] MacOS Meggs Client Security Advisory

David McNett nugget at slacker.com
Mon Jul 6 22:42:07 EDT 1998


-----BEGIN PGP SIGNED MESSAGE-----

MACOS SECURITY ADVISORY
ANDREW MEGGS RC5 MACOS CLIENT 

The distributed.net help desk has received numerous reports recently
of unexplainable behavior in the third-party developed Andrew Meggs
RC5 client v2.6405 as released on 21-Apr-1998.  We've now been able
to reproduce this behavior in a closed and controlled test environment
and have no choice at this time but to issue an immediate advisory for
this client and any related builds of this client of which we may be
unaware.  This does not pertain to any of the clients developed and
released by distributed.net.

We have observed this client silently replacing the user's email
address with the email address of the client's author on a small
percentage of all blocks submitted to the distributed.net servers.
Reports vary between 2% and 5% of all blocks completed having been so
modified.  This behavior was first noticed by participants sending
their blocks through local personal proxies, where the modification is
clearly visible in the proxy's log files.

If you are currently using the v2.6405 Andrew Meggs MacOS RC5 client,
you are being affected by this unusual behavior and are strongly
urged to upgrade immediately to a supported client that has been
developed and certified by distributed.net.

We have not received any response from Mr. Meggs as to the nature and
source of the problem at this time.  Not having access to his source
code, we are unable to provide additional details on the nature of this
problem, nor can we confirm that this is the only unadvertised behavior
of the client.

This ONLY affects the Andrew Meggs RC5 Client for MacOS and does not
pertain to any official distributed.net client releases, nor does it
affect any non-MacOS client version.

The official distributed.net client can be found at:
ftp://ftp.distributed.net/pub/dcti/current-client/

as the following four files:
  rc5des-macos-68000.sit.hqx
  rc5des-macos-68020.sit.hqx
  rc5des-macos-ppc-mt.sit.hqx
  rc5des-macos-ppc.sit.hqx
                       
or alternatively they may be found at
http://www.distributed-mac.net/clients/

- -David McNett
 nugget at distributed.net


-----BEGIN PGP SIGNATURE-----
Charset: noconv

-----END PGP SIGNATURE-----
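
The advisory notes that the substituted address is visible in personal proxy logs on roughly 2% to 5% of blocks. As an added example (not distributed.net's code and not part of the original message), this Python sketch tallies the address on each logged block per submitting host and reports hosts where some blocks carry an address other than the expected one. The log line layout, host addresses and email addresses are constructed for illustration; the real proxy log format is not shown in the advisory.

```python
import re
from collections import Counter, defaultdict

# Hypothetical log layout (assumption; the advisory does not show the real one):
#   <date> <time> block <id> from <host> email <address>
LINE_RE = re.compile(r"block (?P<block>\S+) from (?P<host>\S+) email (?P<email>\S+)")

def audit_proxy_log(lines, expected=None):
    """Return {host: {"total", "foreign", "rate"}} for hosts whose blocks
    carry an address outside the expected set for that host."""
    expected = expected or {}
    seen = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # skip lines that are not block submissions
            seen[m["host"]][m["email"].lower()] += 1
    report = {}
    for host, counts in seen.items():
        allowed = {e.lower() for e in expected.get(host, ())}
        if not allowed:
            # No configured owner: treat the host's most common address as its baseline.
            allowed = {counts.most_common(1)[0][0]}
        foreign = {e: n for e, n in counts.items() if e not in allowed}
        if foreign:
            total = sum(counts.values())
            report[host] = {"total": total, "foreign": foreign,
                            "rate": sum(foreign.values()) / total}
    return report

def sample_log():
    """Constructed sample: one host with 2 of 40 blocks re-addressed, one clean host."""
    lines = []
    for i in range(40):
        email = "third-party@example.net" if i in (13, 31) else "alice@example.org"
        lines.append(f"07/06/98 21:{i:02d}:00 block {i:08X}:00000000 "
                     f"from 10.0.0.5 email {email}")
    for i in range(20):
        lines.append(f"07/06/98 22:{i:02d}:00 block {i + 64:08X}:00000000 "
                     f"from 10.0.0.6 email bob@example.org")
    lines.append("07/06/98 22:30:00 proxy keepalive")
    return lines

if __name__ == "__main__":
    for host, r in audit_proxy_log(sample_log()).items():
        print(f"{host}: {r['rate']:.1%} of {r['total']} blocks credited to {sorted(r['foreign'])}")
```

A small nonzero rate from a single host, as in the constructed sample, matches the pattern the advisory describes; a shared machine with several legitimate participants needs all of their addresses listed in `expected`.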