Category:   Application (Security)  >   SSH
Vendors:   SSH Communications
SSH Secure Shell RSA Signature Verification Flaw May Let Remote Users Forge Valid Signatures
SecurityTracker Alert ID:  1007086
SecurityTracker URL:  http://securitytracker.com/id/1007086
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 30 2003
Impact:   Host/resource access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): SSH Secure Shell 3.1.0 - 3.1.7 and 3.2.0 - 3.2.4; SSH IPSEC Express Toolkit 5.0.0
Description:   An authentication vulnerability was reported in the SSH Secure Shell software and in the SSH IPSEC Express Toolkit. A remote user may be able to forge RSA signatures.

SSH reports that certain RSA signatures may be incorrectly verified as valid when performing host or user authentication using digital certificates and RSA keys. The vulnerability affects the RSA PKCS v1.5 signature scheme implementation, according to the vendor.

The vendor reports that other user authentication methods are not affected (including password, RSA SecurID, and keyboard-interactive authentication methods).

The vulnerability is due to "incorrect error reporting in the code path."

A remote user may be able to forge a valid signature without having the corresponding RSA private key. However, the vendor reports that this may be difficult to exploit successfully.
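
Added example (not SSH Communications' code, and not a reconstruction of the actual flaw, whose details the advisory does not give): a constructed Python sketch of the bug class that "incorrect error reporting" names in an RSA PKCS #1 v1.5 verifier, showing a caller that lets an internal error status pass as success beside one that fails closed. The test key, the status codes and every function name are assumptions made for this illustration.

```python
import hashlib
import hmac

# Constructed test key built from two well-known primes (the Curve25519 and
# secp256k1 field primes). Insecure by design; for demonstration only.
P = 2**255 - 19
Q = 2**256 - 2**32 - 977
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

OK, MISMATCH, ERROR = 0, 1, -1         # hypothetical status codes

def encode(msg):
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 DigestInfo, exactly K bytes."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(msg):
    """Sign with the test key so the example has a genuine signature."""
    return pow(int.from_bytes(encode(msg), "big"), D, N).to_bytes(K, "big")

def check(msg, sig):
    """Return OK, MISMATCH, or ERROR when the input cannot be processed."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return ERROR
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    # Compare against the full expected encoding instead of parsing em.
    return OK if hmac.compare_digest(em, encode(msg)) else MISMATCH

def verify_buggy(msg, sig):
    # Flawed: only MISMATCH counts as failure, so ERROR falls through as valid.
    return check(msg, sig) != MISMATCH

def verify_fail_closed(msg, sig):
    # Hardened: accept only the single explicit success value.
    return check(msg, sig) == OK
```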

Impact:   A remote user may be able to forge a valid RSA signature.
Solution:   The vendor has released the following fixed versions:

SSH Secure Shell 3.1.8 and 3.2.5
SSH IPSEC Express Toolkit 5.1.1

These fixed versions are available at:

http://www.ssh.com/support/downloads/


The 3.1.8 version binaries can be installed on the old 3.1.x binaries (if you have the appropriate license).

SSH Secure Shell for Workstations 3.1:

http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html

SSH Secure Shell for Servers 3.1:

http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html

SSH Secure Shell for Windows Servers 3.1:

http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html


The 3.2.5 version binaries can be installed on the old 3.2.x binaries (if you have the appropriate license).

SSH Secure Shell for Workstations 3.2:

http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html

SSH Secure Shell for Servers 3.2:

http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html

SSH Secure Shell for Windows Servers 3.2:

http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html


Non-commercial source code and an English Windows client binary without PKI and smart card functionality are available for non-commercial users at:

ftp://ftp.ssh.com/pub/ssh/


Users of the SSH IPSEC Express Toolkit should upgrade to SSH IPSEC Express Toolkit version 5.1.1 or apply the patch developed for version 5.0.0.

Vendor URL:  www.ssh.com/company/newsroom/article/454/
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 26 2003 (HP Issues Fix for Tru64) SSH Secure Shell RSA Signature Verification Flaw May Let Remote Users Forge Valid Signatures
HP has released a fix for Tru64 UNIX.



 Source Message Contents

Subject:  SSH Secure Shell 3.1 to 3.2.4 and SSH IPSEC Express Toolkit 5.0.0


http://www.ssh.com/company/newsroom/article/454/

SSH issued an advisory for SSH Secure Shell 3.1.0 - 3.1.7 and 3.2.0 - 3.2.4 and for the 
SSH IPSEC Express Toolkit 5.0.0 warning of an RSA signature verification vulnerability.

SSH reports that certain RSA signatures may be incorrectly verified as valid when 
performing host or user authentication using digital certificates and RSA keys.  The 
vulnerability affects the RSA PKCS v1.5 signature scheme implementation, according to the 
vendor.

The vendor reports that other user authentication methods are not affected (including 
password, RSA SecurID, and keyboard-interactive authentication methods).

The vulnerability is due to "incorrect error reporting in the code path."

A remote user may be able to forge a valid signature without having the corresponding RSA 
private key.

The vendor reports that this may be difficult to exploit successfully.


The vendor has released the following fixed versions:

SSH Secure Shell 3.1.8 and 3.2.5
SSH IPSEC Express Toolkit 5.1.1

These fixed versions are available at:

http://www.ssh.com/support/downloads/


The 3.1.8 version binaries can be installed on the old 3.1.x binaries (if you have the 
appropriate license).

SSH Secure Shell for Workstations 3.1:

http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html

SSH Secure Shell for Servers 3.1:

http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html

SSH Secure Shell for Windows Servers 3.1:

http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html


The 3.2.5 version binaries can be installed on the old 3.2.x binaries (if you have the 
appropriate license).

SSH Secure Shell for Workstations 3.2:

http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html

SSH Secure Shell for Servers 3.2:

http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html

SSH Secure Shell for Windows Servers 3.2:

http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html


Non-commercial source code and an English Windows client binary without PKI and smart card 
functionality are available for non-commercial users at:

ftp://ftp.ssh.com/pub/ssh/


Users of the SSH IPSEC Express Toolkit should upgrade to SSH IPSEC Express Toolkit version 
5.1.1 or apply the patch developed for version 5.0.0.



 
 



Copyright 2020, SecurityGlobal.net LLC