Three different Cisco product lines are susceptible to multiple vulnerabilities in the Secure Shell (SSH) protocol. These issues are inherent to the SSH protocol version 1.5, which is implemented in several Cisco product lines.
By exploiting the weakness in the SSH protocol, it is possible to insert arbitrary commands into an established SSH session, collect information that may help in brute force key recovery, or brute force a session key.
In order for this attack to succeed, an attacker must possess one or two known cipher text/plaintext pairs. This should not be difficult since every session starts with a greeting screen which is fixed and which can be determined. This also implies that an attacker must be somewhere along the session path in order to be able to sniff the session and collect corresponding cipher text.
To exploit this vulnerability, an attacker must be able to capture packets. When sending a packet using the SSH protocol, it is padded to the next 8-byte boundary, but the exact length of the data (without the padding) is sent unencrypted.
The timing between packets may yield additional information, such as the relative position of a letter on the keyboard, but that depends on overall jitter in the network and the typing habits of the person.
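The length exposure described above can be made concrete with a short framing model. This is an added example, not code from the advisory or from any Cisco product. It assumes the SSH 1.5 packet layout (a 4-byte cleartext length field covering one type byte, the data and a 4-byte CRC-32, followed by 1 to 8 bytes of padding), and the function names and sample payload lengths are constructed for illustration.

```python
import struct

BLOCK = 8      # SSH 1.5 pads the encrypted part to an 8-byte boundary
TYPE_LEN = 1   # assumed from the SSH 1.5 layout: one packet-type byte
CRC_LEN = 4    # assumed from the SSH 1.5 layout: CRC-32 trailer

def ssh1_frame_sizes(data_len):
    """Return (length_field, padding, encrypted_len) for data_len bytes of data."""
    length_field = TYPE_LEN + data_len + CRC_LEN   # sent in clear, excludes padding
    padding = BLOCK - (length_field % BLOCK)       # always 1..8 bytes
    return length_field, padding, padding + length_field

def build_wire_packet(data):
    """Constructed packet: real cleartext header, zero bytes standing in for ciphertext."""
    length_field, _, encrypted_len = ssh1_frame_sizes(len(data))
    return struct.pack(">I", length_field) + b"\x00" * encrypted_len

def observer_view(wire):
    """What can be read off the wire without any key."""
    (length_field,) = struct.unpack(">I", wire[:4])
    return {
        "ciphertext_len": len(wire) - 4,
        "exact_data_len": length_field - TYPE_LEN - CRC_LEN,
    }

def compare_leak(data_lengths):
    """Distinct values seen via ciphertext size alone vs. via the cleartext header."""
    views = [observer_view(build_wire_packet(b"A" * n)) for n in data_lengths]
    by_size = {v["ciphertext_len"] for v in views}
    by_header = {v["exact_data_len"] for v in views}
    return by_size, by_header

if __name__ == "__main__":
    for n in range(3, 11):   # constructed sample payload lengths
        print(n, ssh1_frame_sizes(n), observer_view(build_wire_packet(b"A" * n)))
    print(compare_leak(range(3, 11)))
```

Payloads of 3 to 10 bytes all produce the same 16-byte encrypted body, so padding alone would hide which one was sent; the cleartext length field removes that ambiguity.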
Key recovery in SSH protocol 1.5:
This was discovered by CORE SDI S.A. and is described in "SSH protocol 1.5 session key recovery vulnerability".
In order to exploit this vulnerability, an attacker must be able to sniff the SSH session and be able to establish a connection to the SSH server. In order to recover the server key, an attacker must perform an additional 2^20+2^19=1572864 connections. Since the key has a lifespan of about an hour, this means that an attacker must perform around 400 connections per second.
Impact: CRC-32 integrity check vulnerability:
By exploiting this protocol weakness, the attacker can insert arbitrary commands in the session after the session has been established.
Traffic analysis:
This vulnerability exposes the exact lengths of the passwords used for login authentication. This is only applicable to an interactive session that is being established over the tunnel protected by SSH. This can significantly help an attacker in guessing the password using a brute force attack.
Key recovery in SSH protocol 1.5:
This vulnerability may lead to the compromise of the session key. Once the session key is determined, the attacker can proceed to decrypt the stored session using any implementation of the crypto algorithm used. This will reveal all information in an unencrypted form.
Obtaining fixed software:
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's Worldwide Web site at http://www.cisco.com.
Customers whose Cisco products are provided or maintained through prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers should contact that support organization for assistance with the upgrade, which should be free of charge.
Customers who purchase directly from Cisco but who do not hold a Cisco service contract, and customers who purchase through third party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC).
Workarounds:
There are no workarounds for these vulnerabilities.