[NEWS] Vulnerabilities in SSH2 Implementations from Multiple Vendors
From: support@securiteam.com
To: list@securiteam.com
Date: 17 Dec 2002 18:58:21 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Vulnerabilities in SSH2 Implementations from Multiple Vendors
------------------------------------------------------------------------
SUMMARY
SSH servers and clients from several vendors contain vulnerabilities that
may allow denial-of-service attacks and/or arbitrary code execution. The
vulnerabilities arise from various deficiencies in the greeting and
key-exchange-initialization phases of the SSHv2 transport layer.
DETAILS
Vulnerable systems:
* F-Secure Corp. SSH servers and clients for UNIX v3.1.0 (build 11) and
earlier
* F-Secure Corp. SSH for Windows v5.2 and earlier
* SSH Communications Security, Inc. SSH for Windows v3.2.2 and earlier
* SSH Communications Security, Inc. SSH for UNIX v3.2.2 and earlier
* FiSSH SSH client for Windows v1.0A and earlier
* InterSoft Int'l, Inc. SecureNetTerm client for Windows v5.4.1 and
earlier
* NetComposite ShellGuard SSH client for Windows v3.4.6 and earlier
* Pragma Systems, Inc. SecureShell SSH server for Windows v2 and earlier
* PuTTY SSH client for Windows v0.53 and earlier (v0.53b not affected)
* WinSCP SCP client for Windows v2.0.0 and earlier
Immune systems:
* BitVise WinSSHD server for Windows v3.05
* LSH v1.5
* OpenSSH v3.5 and earlier
* TTSSH SSH Extension for TeraTerm Pro
* VanDyke SecureCRT client v3.4.3 for Windows
* VanDyke VShell server v1.2 for Windows
Unknown / Not tested:
* MacSSH
* SSHv1 implementations (see {1})
* SSHv2 enabled network appliances
Vendor status and information:
F-Secure Corporation (http://www.f-secure.com)
Vendor has been notified. Release information is unknown at this time.
F-Secure has characterized this issue as not exploitable.
FiSSH (http://pgpdist.mit.edu/FiSSH/index.html)
Vendor has been notified. Release information is unknown at this time.
NetComposite (ShellGuard) (http://www.shellguard.com)
Vendor has been notified. Release information is unknown at this time.
Pragma Systems, Inc. (http://www.pragmasys.com)
Vendor has been notified. The fixed version is SecureShell v3.0, which was
released on November 25, 2002.
PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/)
Vendor has been notified. The fixed version is PuTTY v0.53b, which was
released on November 12, 2002.
SSH Communications Security, Inc. (http://www.ssh.com)
Vendor has been notified. Release information is unknown at this time.
SSH, Inc. has characterized this issue as not exploitable.
SecureNetTerm (InterSoft International, Inc.) (http://www.securenetterm.com)
Vendor has been notified. The fixed version is SecureNetTerm v5.4.2, which
was released on November 14, 2002.
WinSCP2 (http://winscp.vse.cz/eng/)
Vendor has been notified. Release information is unknown at this time.
Solution:
No solutions available yet.
Detailed analysis:
To study the correctness and security of SSH server and client
implementations {2}, the security research team at Rapid 7, Inc. has
designed the SSHredder SSH protocol test suite containing hundreds of
sample SSH packets. These invalid and/or atypical SSH packets focus on the
greeting and KEXINIT (key exchange initialization) phases of SSH
connections.
We then applied the SSHredder suite to some popular SSH servers and
clients, observing their behavior when presented with a range of different
input. Several implementation errors were discovered, most of which
involve memory access violations. While the impact is different for each
product tested, some of these errors were easily exploitable, allowing the
attacker to overwrite the stack pointer with arbitrary data.
In most cases, only the most current versions of the applications were
tested. Vendors listed as "Immune systems" are encouraged to run the tests
against older versions of their applications.
The SSHredder test suite is now available for download from Rapid 7's web
site (http://www.rapid7.com). A pre-release
version of SSHredder was provided to SSH vendors for testing prior to
public disclosure. SSHredder has been released under the BSD license.
The test cases combine several test groups of similarly structured data:
o Invalid and/or incorrect SSH packet lengths (including zero, very small
positive, very large positive, and negative).
o Invalid and/or incorrect string lengths. These were applied to the
greeting line(s), plus all the SSH strings in the KEXINIT packets.
o Invalid and/or incorrect SSH padding and padding lengths.
o Invalid and/or incorrect strings, including embedded ASCII NULs,
embedded percent format specifiers, very short, and very long strings.
This test group was applied to the greeting line(s), plus all the SSH
strings in the KEXINIT packets.
o Invalid algorithm lists. In addition to the existing string tests,
invalid encryption, compression, and MAC algorithm names were used,
including invalid algorithm domain qualifiers; invalid algorithm lists
were created by manipulating the separating commas.
The individual tests in each group were combined systematically to produce
a test suite of 666 packets. A full permutation of every test in each test
group would have yielded a test suite that is too large to distribute, so
a representative sample of packets was chosen from each group.
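The test groups above describe malformed packet lengths, string lengths, padding and algorithm name-lists. The parser below is an added illustration, not part of the Rapid 7 advisory or of SSHredder, showing how a receiver validates the greeting line, the SSHv2 binary packet framing and the KEXINIT name-lists so that each of those malformed inputs is rejected before any length field is used as an offset. The limits (255-byte identification line, 35000-byte uncompressed packet, 4-byte minimum padding, 8-byte block alignment) follow the IETF secsh transport draft; the sample KEXINIT, its algorithm names and the cookie value are constructed for this example.

```python
# Defensive parser for the SSHv2 greeting, packet framing and KEXINIT name-lists.
# Added example, not SSHredder or vendor code; limits follow the IETF secsh drafts.
import struct

MAX_GREETING = 255   # bytes, including the terminating CR LF
MAX_PACKET = 35000   # uncompressed packet_length limit from the draft
MIN_PADDING = 4
SSH_MSG_KEXINIT = 20
KEXINIT_LISTS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s",
                 "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

class SSHFormatError(ValueError):
    """Any malformed input; a real implementation drops the connection."""

def parse_greeting(line: bytes) -> str:
    """Validate one identification line such as b'SSH-2.0-Example\\r\\n'."""
    if len(line) > MAX_GREETING or not line.endswith(b"\r\n"):
        raise SSHFormatError("greeting too long or not CR LF terminated")
    body = line[:-2]
    if not body.isascii() or b"\x00" in body:
        raise SSHFormatError("NUL or non-ASCII byte in greeting")
    parts = body.split(b"-", 2)  # b"SSH", protoversion, softwareversion[ comments]
    if parts[0] != b"SSH" or len(parts) < 3 or not parts[1] or not parts[2]:
        raise SSHFormatError("malformed identification string")
    return body.decode("ascii")

def read_string(buf: bytes, off: int):
    """Read one SSH 'string' (uint32 length + bytes), checking the length
    against the bytes remaining before it is ever used as an offset."""
    n = int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or n > len(buf) - off - 4:
        raise SSHFormatError("string at offset %d runs past end of packet" % off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_namelist(raw: bytes) -> list:
    """Split a name-list; reject stray commas, bad bytes and bad @domain parts."""
    names = raw.split(b",") if raw else []
    for name in names:
        if not name:
            raise SSHFormatError("empty name in list (stray comma)")
        if any(c < 0x21 or c > 0x7E for c in name):
            raise SSHFormatError("non-printable or non-ASCII byte in name")
        local, at, domain = name.partition(b"@")
        if at and (not local or not domain or b"@" in domain):
            raise SSHFormatError("malformed domain qualifier in %r" % name)
    return [name.decode("ascii") for name in names]

def parse_packet(buf: bytes) -> bytes:
    """Unwrap one unencrypted binary packet (no MAC) and return the payload."""
    if len(buf) < 5:
        raise SSHFormatError("short packet header")
    packet_length, padding_length = struct.unpack("!IB", buf[:5])
    if packet_length > MAX_PACKET:  # unsigned: a 'negative' length reads as huge
        raise SSHFormatError("packet_length %d exceeds limit" % packet_length)
    if padding_length < MIN_PADDING or packet_length < padding_length + 1:
        raise SSHFormatError("padding_length inconsistent with packet_length")
    if len(buf) != 4 + packet_length or len(buf) % 8:
        raise SSHFormatError("packet_length disagrees with bytes received")
    return buf[5:5 + packet_length - padding_length - 1]

def parse_kexinit(payload: bytes) -> dict:
    """Decode KEXINIT: type, 16-byte cookie, ten name-lists, bool, reserved."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise SSHFormatError("not a KEXINIT payload")
    off, fields = 17, {}
    for key in KEXINIT_LISTS:
        raw, off = read_string(payload, off)
        fields[key] = parse_namelist(raw)
        if not fields[key] and not key.startswith("lang"):  # only languages may be empty
            raise SSHFormatError("empty %s list" % key)
    if off + 5 != len(payload):  # boolean first_kex_packet_follows + reserved uint32
        raise SSHFormatError("trailing fields missing or extra bytes")
    return fields

def check(data, *parsers) -> str:
    """Feed data through the parsers in turn; 'ok' or the reason it was rejected."""
    try:
        for parser in parsers:
            data = parser(data)
        return "ok"
    except SSHFormatError as e:
        return str(e)

def build_sample(lists: dict) -> bytes:
    """Frame a KEXINIT from name-lists; used only to construct sample input."""
    body = bytes([SSH_MSG_KEXINIT]) + b"\x11" * 16  # constructed cookie
    for key in KEXINIT_LISTS:
        item = ",".join(lists.get(key, [])).encode("ascii")
        body += struct.pack("!I", len(item)) + item
    body += b"\x00" + b"\x00\x00\x00\x00"  # first_kex_packet_follows, reserved
    pad = 8 - (5 + len(body)) % 8
    pad += 8 if pad < MIN_PADDING else 0
    return struct.pack("!IB", 1 + len(body) + pad, pad) + body + b"\x00" * pad

# Constructed sample: a well-formed KEXINIT packet; corrupt it to see rejections.
SAMPLE_LISTS = dict(kex=["diffie-hellman-group1-sha1"], host_key=["ssh-dss"],
                    enc_c2s=["aes128-cbc"], enc_s2c=["aes128-cbc"], mac_c2s=["hmac-sha1"],
                    mac_s2c=["hmac-sha1"], comp_c2s=["none"], comp_s2c=["none"])
GOOD = build_sample(SAMPLE_LISTS)
```

`check(GOOD, parse_packet, parse_kexinit)` returns `"ok"`; overwriting the first four bytes with `0xFFFFFFFF`, truncating the packet, or building a sample whose `enc_c2s` list contains an empty entry returns the rejection reason instead. The habit the packet-length and string-length test groups exercise is visible in `read_string` and `parse_packet`: every length field is compared with the bytes actually present before it becomes an offset, and unsigned lengths are bounded above, so a "negative" value cannot pass as merely large.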
Please note that greeting and KEXINIT are only the first and second phases
of SSH connections. A full test suite for every SSH protocol message could
potentially reveal other latent vulnerabilities.
ADDITIONAL INFORMATION
Notes:
[1] While SSHv1 has no KEXINIT phase, many of these test cases could
affect both SSHv1 and SSHv2 in a generic way. SSHv1 implementations were
not tested.
[2] The SSH protocol is described in several IETF drafts, which can be
found at http://www.ietf.org/ids.by.wg/secsh.html
The original advisory can be found at:
http://www.rapid7.com/advisories/R7-0009.txt
The information has been provided by Rapid 7 Security Advisories
(advisory@rapid7.com).