Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: n-028.txt

Vulnerabilities in SSH2 Implementations from Multiple Vendors (CIAC N-028)




             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

         Vulnerabilities in SSH2 Implementations from Multiple Vendors
                   [Rapid 7, Inc. Security Advisory, R7-0009]

December 17, 2002 19:00 GMT                                       Number N-028
______________________________________________________________________________
PROBLEM:       SSH servers and clients from several vendors contain
               vulnerabilities that may allow denial-of-service attacks and/or
               arbitrary code execution. The vulnerabilities occur before user
               authentication takes place.
AFFECTED       Multiple vendor versions of SSH software may be affected.
SOFTWARE:
DAMAGE:        A remote attacker could potentially gain root privileges and
               execute arbitrary code.
SOLUTION:      Check with your vendor for platform-specific solutions.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. There are no known exploits at this time.
ASSESSMENT:
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/n-028.shtml
 ORIGINAL BULLETIN:  http://www.rapid7.com/advisories/R7-0009.txt
                     Monitor Rapid 7 Advisory for vendor updates.
______________________________________________________________________________
[***** Start Rapid 7, Inc. Security Advisory, R7-0009 *****]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________
                     Rapid 7, Inc. Security Advisory

        Visit http://www.rapid7.com/ to download NeXpose(tm), our
         advanced vulnerability scanner. Linux and Windows 2000
                       versions are available now!
_______________________________________________________________________

Rapid 7 Advisory R7-0009
Vulnerabilities in SSH2 Implementations from Multiple Vendors

   Published:  December 16, 2002
   Revision:   1.0
   http://www.rapid7.com/advisories/R7-0009.txt

   CERT:       CA-2002-36
               http://www.cert.org/advisories/CA-2002-36.html

   CVE:        Multiple CVE CANs assigned:
               - CAN-2002-1357 (incorrect length)
               - CAN-2002-1358 (lists with empty elements/empty strings)
               - CAN-2002-1359 (large packets and large fields)
               - CAN-2002-1360 (string fields with zeros)

1. Affected system(s):

   KNOWN VULNERABLE:
    - F-Secure Corp. SSH servers and clients for UNIX
       v3.1.0 (build 11) and earlier
    - F-Secure Corp. SSH for Windows
       v5.2 and earlier
    - SSH Communications Security, Inc. SSH for Windows
       v3.2.2 and earlier
    - SSH Communications Security, Inc. SSH for UNIX
       v3.2.2 and earlier
    - FiSSH SSH client for Windows
       v1.0A and earlier
    - InterSoft Int'l, Inc. SecureNetTerm client for Windows
       v5.4.1 and earlier
    - NetComposite ShellGuard SSH client for Windows
       v3.4.6 and earlier
    - Pragma Systems, Inc. SecureShell SSH server for Windows
       v2 and earlier
    - PuTTY SSH client for Windows
       v0.53 and earlier (v0.53b not affected)
     WinSCP SCP client for Windows
       v2.0.0 and earlier

   APPARENTLY NOT VULNERABLE:
    - BitVise WinSSHD server for Windows v3.05
    - LSH v1.5
    - OpenSSH v3.5 and earlier
    - TTSSH SSH Extension for TeraTerm Pro
    - VanDyke SecureCRT client v3.4.3 for Windows
    - VanDyke VShell server v1.2 for Windows

   UNKNOWN / NOT TESTED:
    - MacSSH
    - SSHv1 implementations (see {1})
    - SSHv2 enabled network appliances

2. Summary

   SSH servers and clients from several vendors contain vulnerabilities
   that may allow denial-of-service attacks and/or arbitrary code
   execution.  The vulnerabilities arise from various deficiencies in
   the greeting and key-exchange-initialization phases of the SSHv2
   transport layer.

3. Vendor status and information

   F-Secure Corporation
   http://www.f-secure.com

      Vendor has been notified.  Release information is unknown at
      this time.  F-Secure has characterized this issue as not
      exploitable.

   FiSSH
   http://pgpdist.mit.edu/FiSSH/index.html

      Vendor has been notified.  Release information is unknown at
      this time.

   NetComposite (ShellGuard)
   http://www.shellguard.com

      Vendor has been notified.  Release information is unknown at
      this time.

   Pragma Systems, Inc.
   http://www.pragmasys.com

      Vendor has been notified.  The fixed version is SecureShell
      v3.0, which was released on November 25 2002.

   PuTTY
   http://www.chiark.greenend.org.uk/~sgtatham/putty/

      Vendor has been notified.  The fixed version is PuTTY v0.53b,
      which was released on November 12, 2002.

   SSH Communications Security, Inc.
   http://www.ssh.com

      Vendor has been notified.  Release information is unknown at
      this time.  SSH, Inc. has characterized this issue as not
      exploitable.

   SecureNetTerm (InterSoft International, Inc.)
   http://www.securenetterm.com

      Vendor notified.  The fixed version is SecureNetTerm v5.4.2,
      released on November 14 2002.

   WinSCP2
   http://winscp.vse.cz/eng/

      Vendor has been notified.  Release information is unknown at
      this time.

4. Solution

   No solutions available yet.

5. Detailed analysis

   To study the correctness and security of SSH server and client
   implementations {2}, the security research team at Rapid 7, Inc.
   has designed the SSHredder SSH protocol test suite containing
   hundreds of sample SSH packets. These invalid and/or atypical
   SSH packets focus on the greeting and KEXINIT (key exchange
   initialization) phases of SSH connections.

   We then applied the SSHredder suite to some popular SSH servers
   and clients, observing their behavior when presented with a
   range of different input.  Several implementation errors were
   discovered, most of which involve memory access violations.
   While the impact is different for each product tested, some of
   these errors were easily exploitable, allowing the attacker to
   overwrite the stack pointer with arbitrary data.

   In most cases, only the most current versions of the applications
   were tested.  Vendors listed as "Apparently NOT VULNERABLE" are
   encouraged to run the tests against older versions of their
   applications.

   The SSHredder test suite is now available for download from
   Rapid 7's web site ( http://www.rapid7.com ).  A pre-release
   version of SSHredder was provided to SSH vendors for testing
   prior to public disclosure.  SSHredder has been released under
   the BSD license.

   The test cases combine several test groups of similarly
   structured data:

      - Invalid and/or incorrect SSH packet lengths (including
        zero, very small positive, very large positive, and
        negative).

      - Invalid and/or incorrect string lengths.  These were applied
        to the greeting line(s), plus all the SSH strings in the
        KEXINIT packets).

      - Invalid and/or incorrect SSH padding and padding lengths.

      - Invalid and/or incorrect strings, including embedded ASCII
        NULs, embedded percent format specifiers, very short, and
        very long strings.  This test group was applied to the
        greeting line(s), plus all the SSH strings in the KEXINIT
        packets).

      - Invalid algorithm lists.  In addition to the existing string
        tests, invalid encryption, compression, and MAC algorithm names
        were used, including invalid algorithm domain qualifiers;
        invalid algorithm lists were created by manipulating the
        separating commas.

   The individual tests in each group were combined systematically to
   produce a test suite of 666 packets.  A full permutation of every
   test in each test group would have yielded a test suite that is too
   large to distribute, so a representative sample of packets was
   chosen from each group.

   Please note that greeting and KEXINIT are only the first and second
   phases of SSH connections.  A full test suite for every SSH
   protocol message could potentially reveal other latent
   vulnerabilities.

6. Notes

   [1] While SSHv1 has no KEXINIT phase, many of these test cases
       could affect both SSHv1 and SSHv2 in a generic way).  SSHv1
       implementations were not tested.

   [2] The SSH protocol is described in several IETF drafts, which can be
       found at http://www.ietf.org/ids.by.wg/secsh.html .

7. Contact Information

   Rapid 7 Security Advisories
   Email:   advisory@rapid7.com
   Web:     http://www.rapid7.com/
   Phone:   +1 (212) 558-8700

8. Disclaimer and Copyright

   Rapid 7, Inc. is not responsible for the misuse of the information
   provided in our security advisories. These advisories are a service
   to the professional security community.  There are NO WARRANTIES
   with regard to this information. Any application or distribution of
   this information constitutes acceptance AS IS, at the user's own
   risk.  This information is subject to change without notice.

   This advisory Copyright (C) 2002 Rapid 7, Inc.  Permission is
   hereby granted to redistribute this advisory, providing that no
   changes are made and that the copyright notices and disclaimers
   remain intact.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)

iD8DBQE9/a5kcL76DCfug6wRAoIdAJ0Xg1HUeXQk5aNzBaKVcS4XP9rlpACguQk6
G2ihG+Zr3V/VE/1C21p4yf4=
=iqCp
-----END PGP SIGNATURE-----

[***** End Rapid 7, Inc. Security Advisory, R7-0009 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Rapid 7, Inc. for the
information contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

N-018: Microsoft Cumulative Patch for Internet Explorer
N-019: Samba Encrypted Password Buffer Overrun Vulnerability
N-020: Red Hat Multiple Vulnerabilities in KDE
N-021: Cumulative Patch for Internet Explorer
N-022: Red Hat Updated wget packages fix directory traversal bug
N-023: Vulnerability in CIFS/9000 Samba Server2 2
N-024: Buffer Overflow Vulnerability in Solaris X Window Font Service
N-025: Vulnerability in RaQ 4 Servers
N-026: Flaw in Microsoft VM Could Enable System Compromise
N-027: Flaw in Windows WM_TIMER Message Handling


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH