[NT] BitVise WinSSH Denial of Service
From: support@securiteam.com
Date: 03/18/02
From: support@securiteam.com To: list@securiteam.com Date: Mon, 18 Mar 2002 11:26:47 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
BitVise WinSSH Denial of Service
------------------------------------------------------------------------
SUMMARY
BitVise <http://www.bitvise.com/winsshd.html> Secure Shell 2 is a
powerful protocol for securing various kinds of connections between
computers over exposed networks; a secure login shell is just one of the
many possible uses of SSH2.
Using "ill-intended connection attempts", a malicious user could bring the
server to a state where it would no longer accept incoming SSH
connections.
DETAILS
Vulnerable systems:
BitVise WinSSH prior to build 2002-03-16 on Windows 2000 Server
Due to differences in the SSHd and the underlying socket layer, it is
possible to abruptly end sessions and not have those freed properly by the
sshd. Each incomplete connection would use up a few memory handles and
allocate nonpaged kernel memory.
Windows can only handle a certain amount of allocated kernel memory;
past that point most applications begin acting peculiarly.
During testing the server stopped accepting connections to port 22
(connection refused). This took about 1840x254 connections, but since it's
not time or bandwidth related, this attack could be carried out from a
normal modem dialup, and still be successful.
Fix:
The vendor has limited the number of simultaneous unauthenticated sessions
and put a timeout of 60 seconds on each connection.
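
The following sketch shows the kind of bookkeeping such a fix implies. It is
an added example, not BitVise's code: the class name, the cap of 3 and the
session ids are assumptions; only the 60-second timeout comes from the
advisory.

```python
import time

class PreAuthLimiter:
    """Tracks sessions that have connected but not yet authenticated."""

    def __init__(self, max_unauthenticated=3, timeout=60.0, clock=time.monotonic):
        self.max_unauthenticated = max_unauthenticated  # assumed cap, not from the advisory
        self.timeout = timeout                          # 60 seconds, as in the advisory
        self.clock = clock                              # injectable so the logic can be tested
        self.pending = {}                               # session id -> time accepted

    def reap(self, close):
        """Close and forget every pending session that outlived the timeout."""
        now = self.clock()
        expired = [s for s, t0 in self.pending.items() if now - t0 >= self.timeout]
        for sid in expired:
            del self.pending[sid]
            close(sid)  # caller releases the socket and its handles here
        return expired

    def admit(self, sid, close):
        """Accept a new connection only while the pre-auth pool has room."""
        self.reap(close)
        if len(self.pending) >= self.max_unauthenticated:
            close(sid)  # refuse immediately instead of holding resources
            return False
        self.pending[sid] = self.clock()
        return True

    def release(self, sid):
        """Call on successful authentication or on any disconnect, clean or
        abrupt, so the slot is always freed."""
        return self.pending.pop(sid, None) is not None

def simulate():
    """Constructed scenario: five stalled connections at t=0, one more at t=61."""
    now, closed = [0.0], []
    lim = PreAuthLimiter(clock=lambda: now[0])
    first = [lim.admit(f"s{i}", closed.append) for i in range(5)]
    lim.release("s0")   # s0 authenticates and leaves the pre-auth pool
    now[0] = 61.0       # s1 and s2 never finish the handshake
    late = lim.admit("s5", closed.append)
    return first, closed, late, sorted(lim.pending)

if __name__ == "__main__":
    print(simulate())
```

Stalled sessions can hold at most max_unauthenticated slots for at most 60
seconds, so the resources they consume stay bounded regardless of how many
connection attempts arrive.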
Vendor response:
The vendor was contacted on the 25th of February, 2002. On the 16th of
March the vendor released the new build that corrected the issue. On the
18th of January, 2002, it was confirmed that the patch corrected the issue
mentioned in this advisory.
Solution:
Upgrade to the latest build, which can be downloaded here:
<http://www.bitvise.com/existing-users.html>
ADDITIONAL INFORMATION
The information has been provided by <mailto:pgrundl@kpmg.dk> Peter
Grundl.
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.