精華區beta FreeBSD 關於我們 聯絡資訊
-----BEGIN PGP SIGNED MESSAGE----- TW-CA-2002-244-[CA-2002-36: Multiple Vulnerabilities in SSH Implementations] - - ----------------------------------------------------------------------------- TWCERT發布日期:2002-12-26 原漏洞發布日期:2002-12-16 分類: Denial of Service Gain Priviledge 來源參考:CA-2002-36 - - ------ 簡述 ----------------------------------------------------------------- 很多廠商的 secure shell (SSH) 傳輸層協定實作含有很多弱點,攻擊者可能利用 SSH process 權限執行任意指令或造成阻斷服務攻擊。 這些弱點影響 SSH clients 和 servers,並且在執行使用者認證以前發生。 摘要資訊可參閱 Systems Affected section 編號 VU#389665。 - - ------ 說明 ----------------------------------------------------------------- SSH protocol 啟動 client 到 server 間的安全連結,請參考 IETF: http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt SSH傳輸層是安全性較低的傳輸協定,提供加密、加密技術認證以及安全保護等等,主要的 訊息交換技術是利用公鑰演算法(public key algorithm)、對稱式加密、訊息驗證 (Message Authentication)以及雜湊演算法。 Rapid7 發展一套軟體可以偵測SSH 傳輸層協定的起始連結狀態、公鑰的交換以及協商狀態 (negotiation phase)。 這個軟體可以偵測 SSH 傳輸層協定在處理不合法或不正確的封包 或字串長度、不正確的封包填充長度、不合法的字串或不正確的演算法等。 這個軟體會以驗證許多不同廠商的 SSH 產品的安全漏洞。這些漏洞包含了沒有認證使用者 身份以及緩衝區溢位(buffer overflows)等問題。 SSHredder 主要是設計用來測試金鑰的交換以及一些特別的 SSH 2.0 版本的問題;然而, 部分的測試也可以用在 SSH 1.0 版。 更進一步的資訊可參閱 Vulnerability Note VU#389665。 Rapid7 發布了更進一步的 advisory (R7-0009) 以及 SSHredder 的測試版本。 Common Vulnerabilities and Exposures(CVE) 關於 SSHredder 的漏洞編號如下: CAN-2002-1357 - incorrect field lengths CAN-2002-1358 - lists with empty elements or multiple separators CAN-2002-1359 - "classic" buffer overflows CAN-2002-1360 - null characters in strings - - ------ 影響平台 ------------------------------------------------------------- SSH clients 和 servers 的 Secure shell (SSH) 協定執行。 - - ------ 修正方式 ------------------------------------------------------------- - -- 安裝修正程式或升級。 更進一步的資訊可以在"系統影響"部分(Systems Affected section of VU#389665)找到相 關資訊。 - -- 限制存取 使用防火牆或其他的封包過濾系統(packet-filtering systems)限制 SSH servers 存取到 可信任的主機與網路。有些 SSH servers 可能可以用 IP 位址限制存取,或用 TCP wrappers 或其他相關技術達到類似的效果。 SSH clients 可藉 IP 位址連到可信賴的 servers 降低受攻擊的風險。 若這些方式無法防止這些弱點,也稍微增加攻擊的困難,在某種程度上可限制攻擊來源。 - - ------ 影響結果 ------------------------------------------------------------- 對於不同的漏洞有不同的影響,在很多的案例中都是使用者可取得 SSH 權限執行任意指令 。在 SSH 傳輸層協定,SSH Clients 和 Servers 都會受影響。 在微軟的系統 SSH server 常使用系統權限(SYSTEM privileges)執行,在 Unix 系統 SSH deamon 常使用 root 權限執行。 至於 SSH client,任一支援攻擊的程式會以啟動 client 程式的使用者權限執行。 當 SSH client 為 setuid 或 setgid 更高權限的使用者,例如 root,則攻擊者可取得其 他權限,中斷 SSH process,造成阻斷服務攻擊。 - - ------ 連絡 TWCERT/CC ------------------------------------------------------- Tel: 886-7-5250211 FAX: 886-7-5250212 886-2-23563303 886-2-23924082 Email: [email protected] URL: http://www.cert.org.tw/ PGP key: http://www.cert.org.tw/eng/pgp.htm =============================================================================== 附件:[Multiple Vulnerabilities in SSH Implementations] - - ----- 原文------------------------------------------------------------------- CERTR Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations Original issue date: December 16, 2002 Last revised: December 20, 2002 Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Secure shell (SSH) protocol implementations in SSH clients and servers from multiple vendors Overview Multiple vendors' implementations of the secure shell (SSH) transport layer protocol contain vulnerabilities that could allow a remote attacker to execute arbitrary code with the privileges of the SSH process or cause a denial of service. The vulnerabilities affect SSH clients and servers, and they occur before user authentication takes place. Summary vendor information can be found in the Systems Affected section of VU#389665. I. Description The SSH protocol enables a secure communications channel from a client to a server. From the IETF draft SSH Transport Layer Protocol: The SSH transport layer is a secure low level transport protocol. It provides strong encryption, cryptographic host authentication, and integrity protection.... Key exchange method, public key algorithm, symmetric encryption algorithm, message authentication algorithm, and hash algorithm are all negotiated. Rapid7 has developed a suite (SSHredder) of test cases that examine the connection initialization, key exchange, and negotiation phase (KEX, KEXINIT) of the SSH transport layer protocol. The suite tests the way an SSH transport layer implementation handles invalid or incorrect packet and string lengths, padding and padding length, malformed strings, and invalid algorithms. The test suite has demonstrated a number of vulnerabilities in different vendors' SSH products. These vulnerabilities include buffer overflows, and they occur before any user authentication takes place. SSHredder was primarily designed to test key exchange and other processes that are specific to version 2 of the SSH protocol; however, certain classes of tests are also applicable to version 1. Further information about this set of vulnerabilities may be found in Vulnerability Note VU#389665. Rapid7 has published a detailed advisory (R7-0009) and the SSHredder test suite. Common Vulnerabilities and Exposures (CVE) has assigned the following candidate numbers for several classes of tests performed by SSHredder: CAN-2002-1357 - incorrect field lengths CAN-2002-1358 - lists with empty elements or multiple separators CAN-2002-1359 - "classic" buffer overflows CAN-2002-1360 - null characters in strings II. Impact The impact will vary for different vulnerabilities and products, but in severe cases, remote attackers could execute arbitrary code with the privileges of the SSH process. Both SSH clients and servers are affected, since both implement the SSH transport layer protocol. On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges. In the case of SSH clients, any attacker-supplied code would run with at least the privileges of the user who started the client program. Additional privileges may be afforded to an attacker when the SSH client is setuid or setgid to a more privileged user, such as root. Attackers could also crash a vulnerable SSH process, causing a denial of service. III. Solution Apply a patch or upgrade Apply the appropriate patch or upgrade as specified by your vendor. See Appendix A. below and the Systems Affected section of VU#389665 for further information. Restrict access Limit access to SSH servers to trusted hosts and networks using firewalls or other packet-filtering systems. Some SSH servers may have the ability to restrict access based on IP addresses, or similar effects may be achieved by using TCP wrappers or other related technology. SSH clients can reduce the risk of attacks by only connecting to trusted servers by IP address. While these workarounds will not prevent exploitation of these vulnerabilities, they will make attacks somewhat more difficult, in part by limiting the number of potential sources of attacks. Appendix A. Vendor Information This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments. The Systems Affected section of VU#389665 contains additional vendor status information. Apple Computer Inc. Apple: Mac OS X and Mac OS X Server do not contain the vulnerabilities described in this report. Cisco Systems, Inc. Cisco Systems has several products that are vulnerable to the attacks posed by the SSHredder test suite. Complete details are available at http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml. Based on initial testing and evaluation of this vulnerability, earlier versions of this advisory listed Cisco Systems as "Not Vulnerable." Upon additional internal testing it was determined that some Cisco products were indeed vulnerable. Cray Inc. Cray Inc. supports the OpenSSH product through their Cray Open Software (COS) package. COS 3.3, available the end of December 2002, is not vulnerable. If a site is concerned, they can contact their local Cray representive to obtain an early copy of the OpenSSH contained in COS 3.3. F-Secure F-Secure SSH products are not exploitable via these attacks. While F-Secure SSH versions 3.1.0 build 11 and earlier crash on these malicious packets, we did not find ways to exploit this to gain unauthorized access or to run arbitrary code. Furthermore, the crash occurs in a forked process so the denial of service attacks are not possible. Fujitsu Fujitsu's UXP/V OS is not vulnerable because it does not support SSH. Hewlett-Packard SOURCE: Hewlett-Packard Company HP Tru64 UNIX V5.1a or HP OpenVMS systems using SSH V2.4.1 should upgrade to SSH V3.2. HP has investigated this report and find that our implementations within HP-UX are not vulnerable. IBM IBM's AIX is not vulnerable to the issues discussed in CERT CA-2002-36. lsh I've now tried the testsuite with the latest stable release of lsh, lsh-1.4.2. Both the client and the server seem NOT VULNERABLE. NetScreen Technologies Inc. Tested latest versions. Not Vulnerable. OpenSSH - From my testing it seems that the current version of OpenSSH (3.5) is not vulnerable to these problems, and some limited testing shows that no version of OpenSSH is vulnerable. Pragma Systems, Inc. December 16, 2002 Rapid 7 and CERT Coordination Center Vulnerability report VU#389665 Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a possible vulnerability with Version 2.0 of Pragma SecureShell. Pragma Systems tested Pragma SecureShell 2.0 and the upcoming new Version 3.0, and found that the attacks did cause a memory access protection fault on Microsoft platforms. After research, Pragma Systems corrected the problem. The correction of the problem leads us to believe that any attack would not cause a Denial of Service, or the ability of random code to run on the server. The problem is corrected in Pragma SecureShell Version 3.0. Any customers with concerns regarding this vulnerability report should contact Pragma Systems, Inc at [email protected] for information on obtaining an upgrade free of charge. Pragma's web site is located at www.pragmasys.com and the company can be reached at 1-512-219-7270. SSH Communications Security With SSH Secure Shell the worst case effect of the vulnerability is a denial of service (DoS) for a single child-server (connection). This cannot be exploited to gain access to the host and this does not affect the parent server in any wa nor does it hinder the server's ability to receive new connections - it only affects the child server that is handling connections to the malicious client, or a client application that is connecting to a malicious server. No arbitrary code can be executed. Sun Microsystems Inc. The version of Secure Shell (SSH) shipped with Solaris 9 is not affected by the issues described in CERT VU#389665. VanDyke Software - From our testing it seems that the current versions of VanDyke's Secure Shell implementations are not vulnerable to these problems, and some limited testing shows that no prior VanDyke Secure Shell implementations are vulnerable. Official Releases Tested: Server: VShell 2.1.1 October 15, 2002 Clients: SecureCRT 4.0.2 December 3, 2002 SecureFX 2.1.1 November 7, 2002 Entunnel 1.0.1 October 15, 2002 Older Releases Tested: Servers: VShell 2.0.3 May 28, 2002 VShell 1.2.4 May 28, 2002 Clients: SecureCRT 3.4.7 November 7, 2002 Appendix B. References CERT/CC Vulnerability Note: VU#389665 - http://www.kb.cert.org/vuls/id/389665 Rapid 7 Advisory: R7-0009 - http://www.rapid7.com/advisories/R7-0009.txt Rapid 7 SSHredder test suite - http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666 IETF Draft: SSH Transport Layer Protocol - http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt IETF Draft: SSH Protocol Architecture - http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt Privilege Separated OpenSSH - http://www.citi.umich.edu/u/provos/ssh/privsep.html - -------------------------------------------------------------------------------- The CERT Coordination Center thanks Rapid7 for researching and reporting these vulnerabilities. - -------------------------------------------------------------------------------- Authors: Art Manion. - -------------------------------------------------------------------------------- This document is available from: http://www.cert.org/advisories/CA-2002-36.html - -------------------------------------------------------------------------------- CERT/CC Contact Information Email: [email protected] Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A. CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends. Using encryption We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key If you prefer to use DES, please call the CERT hotline for more information. Getting security information CERT publications and other security information are available from our web site http://www.cert.org/ To subscribe to the CERT mailing list for advisories and bulletins, send email to [email protected]. Please include in the body of your message subscribe cert-advisory * "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office. - -------------------------------------------------------------------------------- NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. - -------------------------------------------------------------------------------- Conditions for use, disclaimers, and sponsorship information Copyright 2002 Carnegie Mellon University. Revision History December 16, 2002: Initial release, clarified setuid/setgid SSH client impact, updated IBM statement December 17, 2002: Added VanDyke statement, updated SSH.com statement, removed PuTTY statement, added DoS impact, fixed Pragma link December 18, 2002: Updated Cisco statement, added HP statement December 20, 2002: Updated Cisco statement, added Sun statement, added Apple statement, added vendor information link to Overview =============================================================================== =============================================================================== -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQEVAwUBPg/z/6cyQYefg2/NAQEwXggAnbz8mZp0QwuNGS+TX0HZPa5Wu7qFhB8D 9Rhop56KvnSuikTxZ+lpX9Gg+Om+SyeLH/1E8i6TuZd28VAeBpX5YsqL5clFxKq+ QEiAmyTQnidLKzRg9v8NVjWwTcVeZ8JN4iZc7tR4iCDInGlWJeYIMkDLh3OUKjpZ ZGIb0tZo/cw0D8O9H8A2OLeuk5Qy+g+r0hKEqnLeUPdtMJoXLq1FQKnmRAkaN6ve ryK3u5ky4k07VnQGGXiXbpDJPhV2jSl9PhF3XdkueECc5Hxco7eCxZeBSOY+7xIt ou4UwnMw/9PU2fklBpU8u+SYpMQ79BMR9tLgarDaBYXGIWmqLaIQkg== =diCL -----END PGP SIGNATURE----- -- Taiwan Computer Emergency Response Team Security Advisory mailing list. Mail to : [email protected] and include a line "subscribe advisory". Please visit http://www.cert.org.tw/. PGP key : http://www.cert.org.tw/eng/pgp.htm -- , ~ \ Bigfish -- ※Post by bigfish from 61-223-130-16.HINET-IP.h ◢ ◣ ███◣ ▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂ █◢◣█ █ █ 風塵埃的對話 BBS ˙ wdbbs.net ◥◤◥◤ ███◤ ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇