Lintian tag: unicode-trojan
Type: pedantic
Description (from lintian-explain-tags)
The named text file contains a Unicode codepoint that has been identified
as a potential security risk.
There are two distinct attack vectors. One is homoglyphs in which text
looks confusingly similar to what a reader might expects, but is actually
different. The second is birectional attacks, in which the rendered text
hides potentially malicious characters.
Here are the relevant codepoints:
- ARABIC LETTER MARK (U+061C)
- LEFT-TO-RIGHT MARK (U+200E)
- RIGHT-TO-LEFT MARK (U+200F)
- LEFT-TO-RIGHT EMBEDDING (U+202A)
- RIGHT-TO-LEFT EMBEDDING (U+202B)
- POP DIRECTIONAL FORMATTING (U+202C)
- LEFT-TO-RIGHT OVERRIDE (U+202D)
- RIGHT-TO-LEFT OVERRIDE (U+202E)
- LEFT-TO-RIGHT ISOLATE (U+2066)
- RIGHT-TO-LEFT ISOLATE (U+2067)
- FIRST STRONG ISOLATE (U+2068)
- POP DIRECTIONAL ISOLATE (U+2069)
You can also run a similar check in your shell with that command:
grep -r $'[\u061C\u200E\u200F\u202A\u202B\u202C\u202D\u202E\u2066\u2067\u2068\u2069]'
The registered vulnerabilities are CVE-2021-42694 ("Homoglyph") and
CVE-2021-42574 ("Bidirectional Attack").
Please refer to https://nvd.nist.gov/vuln/detail/CVE-2021-42694,
https://nvd.nist.gov/vuln/detail/CVE-2021-42574,
https://www.trojansource.codes,
https://www.trojansource.codes/trojan-source.pdf,
https://en.wikipedia.org/wiki/Bidirectional_text,
https://www.ida.org/research-and-publications/publications/all/i/in/initial-analysis-of-underhanded-source-code,
and
https://www.ida.org/-/media/feature/publications/i/in/initial-analysis-of-underhanded-source-code/d-13166.ashx
for details.
Visibility: pedantic
Show-Always: no
Check: files/unicode/trojan
This tag is experimental.
Show affected packages
