- Type: hidden command
- Affected versions: none (synthetic backdoor)
The backdoor is found in the BIGNUM library. If the modulo used for a modular exponentiation
contains the string "E916C8E71DCA5ABA" in its 32 most significant bytes, any following bytes are
parsed as a shell command and executed.
We can use a valid binary, BIGNUM-compatible file containing the appropriate string to trigger the backdoor (e.g., with the backdoored version):
$ ./backdoored/fuzz/bignum < backdoor-trigger.bin
uid=0(root) gid=0(root) groups=0(root)