|
|
|
|
| |
Three different Cisco product lines are susceptible to multiple vulnerabilities in the Secure Shell (SSH) protocol. These issues are inherent to the SSH protocol version 1.5, which is implemented in several Cisco product lines.
By exploiting the weakness in the SSH protocol, it is possible to insert an arbitrary commands into an established SSH session, collect information that may help in brute force key recovery, or brute force a session key. |
| |
Credit:
The information has been provided by Cisco Systems Product Security Incident Response Team.
|
| |
Vulnerable systems:
* All devices running Cisco IOS software supporting SSH. That includes routers and switches running Cisco IOS.
* Catalyst 6000 switches running CatOS.
* Cisco PIX Firewall.
Details:
An implementation of SSH in multiple Cisco products are vulnerable to three different vulnerabilities. These vulnerabilities are:
CRC-32 integrity check vulnerability
This vulnerability has been described in a CORE SDI S.A. paper entitled An attack on CRC-32 integrity checks of encrypted channels using CBC and CFB modes.
In order for this attack to succeed, an attacker must possess one or two known cipher text/plaintext pairs. This should not be difficult since every session starts with a greeting screen which is fixed and which can be determined. This also implies that an attacker must be somewhere along the session path in order to be able to sniff the session and collect corresponding cipher text.
For further technical details, see our previous post: SSH1 'CRC-32 compensation attack detector' vulnerability leads to remote code execution.
Traffic analysis:
This issue has been described in an analysis jointly made by Dug Song and Solar Designer in a paper titled Passive Analysis of SSH (Secure Shell) Traffic.
To exploit this vulnerability, an attacker must be able to capture packets. When sending a packet using the SSH protocol, it is padded to the next 8-byte boundary, but the exact length of the data (without the padding) is sent unencrypted.
The timing between packets may yield additional information, such as the relative position of a letter on the keyboard, but that depends on overall jitter in the network and the typing habits of the person.
For additional information, please see our previous post: Passive Analysis of SSH (Secure Shell) Traffic.
Key recovery in SSH protocol 1.5:
This has been discovered by CORE SDI S.A. and is described at SSH protocol 1.5 session key recovery vulnerability.
In order to exploit this vulnerability, an attacker must be able to sniff the SSH session and be able to establish a connection to the SSH server. In order to recover the server key, an attacker must perform an additional 2^20+2^19=1572864 connections. Since the key has a lifespan of about an hour, this means that an attacker must perform around 400 connections per second.
For further details, please see our previous post: SSH protocol 1.5 session key recovery vulnerability.
Impact:
CRC-32 integrity check vulnerability:
By exploiting this protocol weakness, the attacker can insert arbitrary commands in the session after the session has been established.
Traffic analysis:
This vulnerability exposes the exact lengths of the passwords used for login authentication. This is only applicable to an interactive session that is being established over the tunnel protected by SSH. This can significantly help an attacker in guessing the password using the brute force attack.
Key recovery in SSH protocol 1.5:
This vulnerability may lead to the compromise of the session key. Once the session key is determined, the attacker can proceed to decrypt the stored session using any implementation of the crypto algorithm used. This will reveal all information in an unencrypted form.
Software Versions and Fixes:
For a table listing all vulnerable products and appropriate patches please see:
http://www.cisco.com/warp/public/707/SSH-multiple-pub.html#Software
Obtaining fixed software:
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's Worldwide Web site at http://www.cisco.com.
Customers whose Cisco products are provided or maintained through prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers should contact that support organization for assistance with the upgrade, which should be free of charge.
Customers who purchase directly from Cisco but who do not hold a Cisco service contract, and customers who purchase through third party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC).
Workarounds:
There are no workarounds for these vulnerabilities.
|
|
|
|
|
