SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   SSH Vendors:   SSH Communications
Re: SSH's Secure Shell for Windows 2.4 Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1001112
SecurityTracker URL:  http://securitytracker.com/id/1001112
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 17 2001
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.4 for Windows Only
Description:   USSR Labs announced discovery of a denial of service condition in the Windows version of SSH's Secure Shell (SSHD) in which a remote user with access to the sshd port can cause the sshd process to crash.

SSH communications confirms that if there are more than 64 active connections in the SSH Secure Shell Windows server, the sshd mother process will die.

The vendor is currently fixing this problem and has announced a temporary solution while a permanent fix is prepared.

Impact:   A remote user with access to the sshd port can cause the sshd process to crash.
Solution:   The vendor presents a temporary solution:

"As every active connection creates at least one event, setting the MaxConnections keyword in the sshd2_config file to a value under 64 fixes this problem.

## General settings
MaxConnections 50

Setting the maximum number of connections to 50 leaves a safe margin for additional events which are generated depending on the environment."

Vendor URL:  www.ssh.com (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 15 2001 SSH's Secure Shell for Windows 2.4 Can Be Crashed By Remote Users



 Source Message Contents

Subject:  Re: Remote DoS attack against SSH Secure Shell for Windows


If there are more than 64 active connections in the SSH Secure Shell
Windows server, the sshd mother process dies. We (SSH Communications
Security) are currently fixing this problem. In the meantime, a
temporary solution is available. As every active connection creates at
least one event, setting the MaxConnections keyword in the sshd2_config
file to a value under 64 fixes this problem.

## General settings
        MaxConnections                  50

Setting the maximum number of connections to 50 leaves a safe margin for
additional events which are generated depending on the environment.

--
Kirsi Niskanen
Technical Service Engineer
SSH Communications Security Corp

http://www.ssh.com/
http://www.ssh.com/support/ssh/
http://www.ssh.com/tech/ssh_query.html/

--Security for your convenience--


> Hash: SHA1
>
>                                    U.S.S.R labs
>                              Buenos Aires, Argentina
>                              http://www.ussrback.com
>
> Topic:              Remote DoS attack against SSH Secure Shell for
> Windows Servers Vulnerability
> USSR Advisory Code: USSR-2001001
> Announced:          2001-03-16
> Credits:            Luciano Martins <luck@ussrback.com>
> Affects:            SSH Secure Shell for Windows Server 2.4
> Corrected:          SSH Secure Shell for Windows Server 2.5 available
> soon
> Vendors Affected:   SSH Communications Security Corp
>                     http://www.ssh.com/
>
> 1. Discussion
>
> UssrLabs has recently discovered a problem with Windows versions of
> sshd.
> The problem lies with adjacent connection handling where the sshd is
> unable to handle 64 simulataneous connections. As a result the sshd
> will
> crash, and no services to the sshd will be accepted.
>
> The problem lies in ssheloop.c where the assertion test fails.
>
> The Event Log displays the following code after 64 connections are
> spawned:
>
>   FATAL ERROR: E:\src\lib\sshutil\ssheloop\win32\ssheloop.c:1597
> SshEventLoop
>   (function name unavailable) Assertion failed:
> ssh_adt_num_objects(ssh_eloop_events) < 64
>
> No doubt, proper error handling techniques have not been implemented
> for
> the SshEventLoop which ultimately causes the crash.
>
> This results in a Denial of Service against the service in question.
>
> 2. Vendor Status:
> Informed, Contacted.
>
> 3. Fix:
> official fix will be available soon.
>
> Related Links:
>
> Underground Security Systems Research:
> http://www.ussrback.com
>
> CrunchSp Product:
> http://www.crunchsp.com
>
> About:
>
> USSR is an emerging security company based in South America.
> We are devoted to network security research, vulnerability research,
> and software protection systems. One of the main objectives of USSR
> is to develop and implement cutting edge security and protection
> systems
> that cater to an evolving market.
>
> We believe that the way we implement security solutions can make a
> difference. CrunchSP is an example, providing a solution to software
> piracy. Our solutions such as CrunchSP are devoted to protecting your
> enterprise.
>
> On a daily basis, we research, develop, discover and report
> vulnerability information.  We make this information freely available
> via public forums such as BugTraq, and our advisory board located at
> http://www.ussrback.com.
>
> The USSR is a highly skilled, experienced team.  Many USSR
> programmers, as well as programmers of partners and affiliates, are
> seasoned professionals, with 12 or more years of industry experience.
>  A
> knowledge base of numerous computer applications as well as many high
> and
> low level programming languages makes USSRback a diverse team of
> experts
> prepared to serve the needs of any customer.
>
> USSR has assembled some of the world's greatest software developers
> and security consultants to provide our customers with a wide range
> of enterprise level services.  These services include:
>
> * Network Penetration Testing
> * Security Application development
> * Application Security Testing and Certification
> * Security Implementations
> * Cryptography
> * Emergency Response Team
> * Firewalling
> * Virtual Private Networking
> * Intrusion Detection
> * Support and maintenance
>
> For more information, please contact us via email at
> labs@ussrback.com.
>
> Copyright (c) 1999-2000 Underground Security Systems Research.
> Permission is hereby granted for the redistribution of this alert
> electronically. It is not to be edited in any way without explicit
> consent of USSR. If you wish to reprint whole or any part of this
> alert in any other medium excluding electronic medium, please e-mail
> labs@ussrback.com for permission.
>
> Disclaimer:
> The information within this paper may change without notice. We may
> not be held responsible for the use and/or potential effects of these
> programs or advisories.  Use them and read them at your own risk or
> not at all. You solely are responsible for this judgment.
>
> Feedback:
>
> If you have any questions, comments, concerns, updates, or
> suggestions please feel free to send them to:
>
> Underground Security Systems Research
> mail:labs@ussrback.com
> http://www.ussrback.com
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.0.1
>
> iQA/AwUBOrEM663JcbWNj6DDEQJllgCgr26/1PThgwtGt+qFAojQ1YgIsOAAoPol
> er7tM1jdHclYzpWzztAu8ykr
> =wTwP
> -----END PGP SIGNATURE-----
>
>
----------------------------------------------------------------------------

> Delivery co-sponsored by BindView Corporation
>
============================================================================

> Are your security practices adequate enough to protect you from
hackers
> and
> crackers?  How do you provide remote access to your users, enable
e-mail
> messaging, Internet sites and e-commerce activity, and at the same
time
> maintain security?  Can you implement and administer the effective
> security
> measures you need without doing battle with the people who need access

> to
> your network?
>
> Download FREE the latest Hurwitz Group Report, Management Controls:
> Security Impact of IT Administration at
> <http://www.bindview.com/hurwitz3>
>
----------------------------------------------------------------------------


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC