Thursday, September 18, 2003

SSH security glitch exposes networks
By Patrick Gray
ZDNet Australia
September 17, 2003, 5:06 AM PT
URL: http://zdnet.com.com/2100-1105-5077796.html
A critical security flaw in SSH has been revealed that threatens servers worldwide.

SSH is a widely used encrypted remote management shell for Unix, Linux and BSD platforms. Experts say attackers have been exploiting the vulnerability to gain access to systems illegally for months.

What started as quiet mumblings and rumors turned into screaming warnings yesterday as the security community slowly learned of the threat. The chief hacking officer of U.S.-based eEye Digital Security told ZDNet Australia by phone that the vulnerability should be taken very seriously. "It's pretty close to a skeleton key to most networks," he said.

It's not uncommon for vulnerabilities in Unix-style systems to be exploited for months by the underground community, Maiffret said. "It's definitely happened in the past with SSH vulnerabilities ... it's definitely a recurring theme for Unix vulnerabilities."

…there are actually two vulnerabilities in the software. "[Version] 3.7 was released early this morning, and then 3.7.1 was released about a couple of hours ago," he said. "The thing was just the way the two bugs work.... It looks like the first one was probably fixed with 3.7 and the other one was fixed with 3.7.1."

There are, however, suggestions that some mitigating factors may apply. "There are rumors going around that you need to allow remote root SSH login for the exploit to work," he said. "That's the thing, there are all these rumors going around." Loveless says people should patch to 3.7.1 as soon as they can. "Exploit code will surface within hours," he warned.

CERT published an advisory; however, it was issued prior to the release of the 3.7.1 version upgrade. The OpenSSH patch and advisory have been updated. "All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors. It is uncertain whether these errors are potentially exploitable, however, we prefer to see bugs fixed proactively," it reads.

http://www.openssh.com/txt/buffer.adv

http://zdnet.com.com/2100-1105_2-5077796.html
