Internet Security Systems (ISS) X-Force has learned of extensive exploitation of a serious Secure Shell (SSH) remote vulnerability. This vulnerability may allow remote attackers to execute arbitrary code on a target system without any specific knowledge of that host. An advanced exploit for this vulnerability exists and is being used in the wild. The serious nature of this vulnerability is compounded by the confusing nature of SSH product versions and patches.
Credit:
Remote vulnerability in SSH daemon crc32 compensation attack detector
http://www.securiteam.com/securitynews/5LP042K3FY.html
Cisco Security Advisory: Multiple SSH Vulnerabilities
http://www.securiteam.com/securitynews/5LP10004KE.html
OpenSSH Security
http://www.openssh.com/security.html
The information has been provided by X-Force.
Affected Versions:
Cisco Catalyst 6000 6.2(0.110)
Cisco IOS 12.0S
* Cisco IOS 12.1xx-12.2xx
Cisco PIX Firewall 5.2(5)
Cisco PIX Firewall 5.3(1)
SSH Communications Security SSH 2.x and 3.x (if SSH Version 1 fallback is enabled)
SSH Communications Security SSH 1.2.23-1.2.31
F-Secure SSH versions prior to 1.3.11-2
OpenSSH versions prior to 2.3.0 (if SSH Version 1 fallback is enabled)
OSSH 1.5.7
* Note: Please refer to the Cisco Security Advisory in the "Additional Information" section of this alert.
A serious vulnerability in the SSH daemon (SSHd) affecting most current SSHd versions was reported in February 2001. Different implementations of the SSH protocol are listed in the "Affected Versions" section. Maintainers of vulnerable SSH versions issued patches soon after the vulnerability was made public.
The vulnerability exists in affected SSH versions when integer calculations are not handled correctly, resulting in a buffer overflow condition. Exploitation of this vulnerability at the time was considered extremely difficult, but not technically impossible.
X-Force has learned of extensive scanning for vulnerable SSH servers. Lists of vulnerable servers would be extremely easy for attackers to gather. The version information can be obtained by making a connection to port 22 of SSHd, which will display a banner with SSH version information.
The problem is compounded by the fact that newer and non-vulnerable SSH servers can be installed in conjunction with older, vulnerable SSHd daemons to handle legacy SSH Version 1 connections. It is important to note that upgrading to a new SSH Version 2 daemon may not patch this vulnerability. Please refer to the "Affected Versions" section for more information.
Recommendations:
ISS X-Force recommends that security and network administrators examine their SSH configurations to determine if patching is necessary and if SSH Version 1 connection fallback is still enabled. X-Force recommends upgrading to new SSH Version 2 support if possible. If SSH Version 1 is not used, disable fallback and remove old SSHd Version 1 binaries. Please refer to your vendor to obtain patch and upgrade information.
Cisco: http://www.cisco.com
OpenSSH: http://www.openssh.com
SSH Communications Security: http://www.ssh.com
F-Secure: http://www.f-secure.com/support/ssh/
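As an added example (not part of the X-Force alert or any vendor's tooling), the following sketch triages banners already collected from your own servers to find hosts that still offer SSH Version 1, either natively or as fallback. It relies on the SSH identification-string convention that protocol version "1.99" means an SSH Version 2 server that still accepts Version 1 clients; the status labels, hostnames and sample banners are constructed for illustration, and only the OpenSSH range from "Affected Versions" is checked by version number.

```python
import re

# SSH identification string: SSH-<protoversion>-<softwareversion>[ comments]
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")
OPENSSH_RE = re.compile(r"^OpenSSH[_-](\d+)\.(\d+)(?:\.(\d+))?")

def classify(banner):
    """Classify one banner line (status labels are this example's own)."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "UNPARSED"
    proto, software = m.groups()
    # 1.x = SSH-1 only; 1.99 = SSH-2 server that still accepts SSH-1 clients.
    if not proto.startswith("1."):
        return "SSH2_ONLY"
    o = OPENSSH_RE.match(software)
    if o and tuple(int(p or 0) for p in o.groups()) < (2, 3, 0):
        # Advisory: OpenSSH prior to 2.3.0 with SSH Version 1 fallback enabled.
        return "SSH1_AFFECTED_OPENSSH"
    # SSH-1 still offered: patch level must be confirmed with the vendor,
    # because the banner does not show whether a fix was applied.
    return "SSH1_REVIEW"

def audit(inventory):
    """Return {host: status} for every host that is not SSH-2 only."""
    results = {host: classify(b) for host, b in inventory.items()}
    return {h: s for h, s in results.items() if s != "SSH2_ONLY"}

# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "bastion.example": "SSH-2.0-OpenSSH_3.0.1p1",
    "legacy.example": "SSH-1.99-OpenSSH_2.2.0p1",
    "build.example": "SSH-1.99-OpenSSH_2.9p2",
    "old.example": "SSH-1.5-1.2.27",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

A host reported as SSH1_REVIEW is not necessarily vulnerable; it still offers Version 1, so its patch level and the need for fallback should be confirmed against the vendor's advisory.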