|
|
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Australia. --------------------------------------------------------------
|
OpenSSH vulnerability a critical threat By John McCormick, 0 October 01, 2003 URL: http://www.zdnet.com.au/insight/soa/OpenSSH-vulnerability-a-critical-threat/0,139023731,120279184,00.htm
 A vulnerability in OpenSSH has been discovered that can lead to the complete compromise of many Linux/Unix systems. Even worse, it appears that hackers have known about this vulnerability and have been exploiting it for as long as several months. CERT advisory CA-2003-24, “Buffer Management Vulnerability in OpenSSH,” indicates that exploiting this hole in OpenSSH allows an attacker to either shut down the server or run any arbitrary code on the system. OpenSSH is the open source version of the popular remote administration tool Secure Shell (SSH), which is often used to connect to remote Linux/Unix servers. It's found on a large number of systems. The CERT advisory says that all administrators using OpenSSH version 3.2 or higher need to examine their systems’ vulnerability to this flaw. According to the OpenSSH Web site, all versions prior to 3.7.1 are vulnerable. Mandrake, Red Hat, Debian, NetBSD, and Sun have all confirmed that their code is vulnerable. However, the standard SSH protocol (from which OpenSSH was originally inspired) does not use the vulnerable code and according to SSH Communications Security, is not vulnerable to this flaw. Bitvise and PuTTY report that their versions of the SSH software are probably not vulnerable.
Risk level—critical patch is available or you can upgrade to OpenSSH 3.7.1. Damage can be mitigated on systems running OpenSSH versions higher than 3.2 by enabling the UsePrivilegeSeparation configuration option in the sshd configuration file. You can find additional details and links to some vendors’ reports in the CERT Advisory. CERT emphasised that this workaround won't prevent exploitation of the vulnerability but says, "The intruder may be limited to a constrained chroot environment with restricted privileges." This will limit the risk posed to a DoS attack, eliminating the ability to take over the server and run arbitrary code.
Following on the recent disclosure that the primary GNU servers were compromised for several months (mid-March through the end of July) by a backdoor planted by a Trojan, this OpenSSH revelation is not the best news for the open source community. Also watch out for…
The concern that open source advocates have cited regarding the security of Microsoft products—that key vulnerabilities are going undiscovered and unpatched for months after being exploited in the wild—also affects open source products, as recent events have shown.
TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved. |
