SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   SSH Vendors:   SSH Communications
SSH's Secure Shell for Windows 2.4 Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1001087
SecurityTracker URL:  http://securitytracker.com/id/1001087
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 15 2001
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.4 for Windows Only
Description:   USSR Labs announced discovery of a denial of service condition in the Windows version of SSH's Secure Shell (SSHD) in which a remote user with access to the sshd port can cause the sshd process to crash.

The server crashes due to an issue with adjacent connection handling where the sshd server is unable to handle 64 or more simulataneous connections. If this number of simultaneous connections are presented to the server, the sshd process will crash, and no connections to the sshd process will be accepted.

The problem reportedly exists in ssheloop.c where the SshEventLoop fails.

See USSR Advisory Code USSR-2001001 for more information.

Impact:   A remote user with access to the sshd port can cause the sshd process to crash.
Solution:   The vendor is releasing SSH Secure Shell for Windows Server 2.5 to correct the problem.
Vendor URL:  www.ssh.com (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Re: SSH's Secure Shell for Windows 2.4 Can Be Crashed By Remote Users
The vendor confirms the vulnerability and announces that they are working on a fix. In the meantime, the vendor has described a temporary solution.



 Source Message Contents

Subject:  Remote DoS attack against SSH Secure Shell for Windows Servers


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                                   U.S.S.R labs
                             Buenos Aires, Argentina
                             http://www.ussrback.com

Topic:              Remote DoS attack against SSH Secure Shell for
Windows Servers Vulnerability
USSR Advisory Code: USSR-2001001
Announced:          2001-03-16
Credits:            Luciano Martins <luck@ussrback.com>
Affects:            SSH Secure Shell for Windows Server 2.4
Corrected:          SSH Secure Shell for Windows Server 2.5 available
soon
Vendors Affected:   SSH Communications Security Corp
                    http://www.ssh.com/

1. Discussion

UssrLabs has recently discovered a problem with Windows versions of
sshd.
The problem lies with adjacent connection handling where the sshd is
unable to handle 64 simulataneous connections. As a result the sshd
will
crash, and no services to the sshd will be accepted.

The problem lies in ssheloop.c where the assertion test fails.

The Event Log displays the following code after 64 connections are
spawned:

  FATAL ERROR: E:\src\lib\sshutil\ssheloop\win32\ssheloop.c:1597
SshEventLoop
  (function name unavailable) Assertion failed:
ssh_adt_num_objects(ssh_eloop_events) < 64

No doubt, proper error handling techniques have not been implemented
for
the SshEventLoop which ultimately causes the crash.

This results in a Denial of Service against the service in question.


2. Vendor Status:
Informed, Contacted.

3. Fix:
official fix will be available soon.

Related Links:

Underground Security Systems Research:
http://www.ussrback.com

CrunchSp Product:
http://www.crunchsp.com

About:

USSR is an emerging security company based in South America.
We are devoted to network security research, vulnerability research,
and software protection systems. One of the main objectives of USSR
is to develop and implement cutting edge security and protection
systems
that cater to an evolving market.

We believe that the way we implement security solutions can make a
difference. CrunchSP is an example, providing a solution to software
piracy. Our solutions such as CrunchSP are devoted to protecting your
enterprise.

On a daily basis, we research, develop, discover and report
vulnerability information.  We make this information freely available
via public forums such as BugTraq, and our advisory board located at
http://www.ussrback.com.

The USSR is a highly skilled, experienced team.  Many USSR
programmers, as well as programmers of partners and affiliates, are
seasoned professionals, with 12 or more years of industry experience.
 A
knowledge base of numerous computer applications as well as many high
and
low level programming languages makes USSRback a diverse team of
experts
prepared to serve the needs of any customer.

USSR has assembled some of the world's greatest software developers
and security consultants to provide our customers with a wide range
of enterprise level services.  These services include:

* Network Penetration Testing
* Security Application development
* Application Security Testing and Certification
* Security Implementations
* Cryptography
* Emergency Response Team
* Firewalling
* Virtual Private Networking
* Intrusion Detection
* Support and maintenance

For more information, please contact us via email at
labs@ussrback.com.

Copyright (c) 1999-2000 Underground Security Systems Research.
Permission is hereby granted for the redistribution of this alert
electronically. It is not to be edited in any way without explicit
consent of USSR. If you wish to reprint whole or any part of this
alert in any other medium excluding electronic medium, please e-mail
labs@ussrback.com for permission.

Disclaimer:
The information within this paper may change without notice. We may
not be held responsible for the use and/or potential effects of these
programs or advisories.  Use them and read them at your own risk or
not at all. You solely are responsible for this judgment.

Feedback:

If you have any questions, comments, concerns, updates, or
suggestions please feel free to send them to:

Underground Security Systems Research
mail:labs@ussrback.com
http://www.ussrback.com

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBOrEM663JcbWNj6DDEQJllgCgr26/1PThgwtGt+qFAojQ1YgIsOAAoPol
er7tM1jdHclYzpWzztAu8ykr
=wTwP
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
Delivery co-sponsored by BindView Corporation
============================================================================
Are your security practices adequate enough to protect you from hackers and
crackers?  How do you provide remote access to your users, enable e-mail
messaging, Internet sites and e-commerce activity, and at the same time
maintain security?  Can you implement and administer the effective security
measures you need without doing battle with the people who need access to
your network?

Download FREE the latest Hurwitz Group Report, Management Controls:
Security Impact of IT Administration at <http://www.bindview.com/hurwitz3>
----------------------------------------------------------------------------

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC