SSH security glitch exposes networks, patch re-released - News - Security

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

SSH security glitch exposes networks, patch re-released

By Patrick Gray, 0
September 18, 2003
URL: http://www.zdnet.com.au/news/security/soa/SSH-security-glitch-exposes-networks-patch-re-released/0,130061744,120278665,00.htm

A critical security flaw in SSH has been revealed that threatens servers worldwide.

SSH is a widely used encrypted remote management shell for Unix, Linux and BSD platforms. Experts say attackers have been exploiting the vulnerability to gain access to systems illegally for months.

What started as quiet mumblings and rumours turned into screaming warnings yesterday as the security community slowly learned of the threat. Chief hacking officer of US-based eEye Digital Security told ZDNet Australia by phone the vulnerability should be taken very seriously. "It's pretty close to a skeleton key to most networks," he said.

It's not uncommon for vulnerabilities in Unix-style systems to be exploited for months by the underground community, Maiffret said. "It's definitely happened in the past with SSH vulnerabilities ... it's definitely a recurring theme for Unix vulnerabilities."

Security researcher Mark "Simple Nomad" Loveless, who works with BindView Corporation, doesn't doubt an exploit to the vulnerability is "in the wild". "It sounds like someone's got the exploit ... a lot of people are claiming they have it, but it looks like some people actually do," he said during a phone interview.

He says that all versions of OpenSSH running on all distributions of Linux and BSD are affected, excluding those that have patched within the last couple of hours to version 3.7.1. Loveless says there's actually two vulnerabilities in the software. "[Version] 3.7 was released early this morning, and then 3.7.1 was released about a couple of hours ago," he said. "The thing was just the way the two bugs work.... It looks like the first one was probably fixed with 3.7 and the other one was fixed with 3.7.1."

There are, however, suggestions that some mitigating factors may apply. "There are rumours going around that you need to allow remote root SSH login for the exploit to work," he said. "That's the thing, there are all these rumours going around."

Loveless says people should patch to 3.7.1 as soon as they can. "Exploit code will surface within hours," he warned.

CERT has released an advisory, however it was released prior to the release of the 3.7.1 version upgrade. The OpenSSH patch and advisory has been updated. "All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors. It is uncertain whether these errors are potentially exploitable, however, we prefer to see bugs fixed proactively," it reads.