|
|
|
F-Secure SSH Client and Server SSH2 Implementation Bugs Allow Only Limited Remote Denial of Service Issues
|
SecurityTracker Alert ID: 1005812 |
SecurityTracker URL: http://securitytracker.com/id/1005812
|
CVE Reference:
CVE-2002-1357, CVE-2002-1358, CVE-2002-1359, CVE-2002-1360
(Links to External Site)
|
Updated: Jun 3 2008
|
Original Entry Date: Dec 16 2002
|
Impact:
Denial of service via network
|
Vendor Confirmed: Yes
|
Version(s): 3.1.0 Build 11 and prior versions (for UNIX), 5.2 and prior versions (for Windows)
|
Description:
Rapid 7, Inc. reported vulnerabilities in the F-Secure's SSH2 implementation, as well as several other SSH2 implementations. A remote user can crash their own session.
It is reported that F-Secure's SSH2 implementation does not properly process malformed packets exchanged during the greeting and KEXINIT (key exchange initialization) phases of an SSH connection. According to the vendor, a remote user could cause their own SSH session to crash. The crash reportedly occurs in a forked process, so denial of service conditions are not possible, according to F-Secure. No further details were provided.
The product was tested using the SSHredder test suite, available at:
http://www.rapid7.com
The test suite included invalid and/or incorrect SSH packet lengths, string lengths, SSH padding and padding lengths, strings, and algorithm lists.
This Alert covers the F-Secure products (SSH servers and clients for UNIX, v3.1.0 (build 11) and earlier; SSH for Windows, v5.2 and earlier). However, according to the report, the following other implementations are known to be vulnerable:
SSH Communications Security, Inc. SSH for Windows, v3.2.2 and earlier
SSH Communications Security, Inc. SSH for UNIX, v3.2.2 and earlier
FiSSH SSH client for Windows, v1.0A and earlier
InterSoft Int'l, Inc. SecureNetTerm client for Windows, v5.4.1 and earlier
NetComposite ShellGuard SSH client for Windows, v3.4.6 and earlier
Pragma Systems, Inc. SecureShell SSH server for Windows, v2 and earlier
PuTTY SSH client for Windows, v0.53 and earlier (v0.53b not affected)
WinSCP SCP client for Windows, v2.0.0 and earlier
According to the report, the following implementations are apparently not vulnerable:
BitVise WinSSHD server for Windows v3.05
LSH v1.5
OpenSSH v3.5 and earlier
TTSSH SSH Extension for TeraTerm Pro
VanDyke SecureCRT client v3.4.3 for Windows
VanDyke VShell server v1.2 for Windows
The vendor (F-Secure) has reportedly characterized this issue as not exploitable.
For the full Rapid 7 advisory, see the Source Message or:
http://www.rapid7.com/advisories/R7-0009.txt
|
Impact:
A remote user can cause their own session to crash.
[Editor's note: The vendor notes that the product is not exploitable and that a remote user cannot cause denial of service conditions. However, because the flaw is confirmed and a remote user can cause a portion of the code to crash, we have categorized this as a denial of service issue.]
|
Solution:
The vendor notes that the product is not exploitable.
|
Vendor URL: www.fsecure.com/products/ssh/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Subject: R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Rapid 7, Inc. Security Advisory
Visit http://www.rapid7.com/ to download NeXpose(tm), our
advanced vulnerability scanner. Linux and Windows 2000
versions are available now!
_______________________________________________________________________
Rapid 7 Advisory R7-0009
Vulnerabilities in SSH2 Implementations from Multiple Vendors
Published: December 16, 2002
Revision: 1.0
http://www.rapid7.com/advisories/R7-0009.txt
CERT: CA-2002-36
http://www.cert.org/advisories/CA-2002-36.html
CVE: Multiple CVE CANs assigned:
o CAN-2002-1357 (incorrect length)
o CAN-2002-1358 (lists with empty elements/empty strings)
o CAN-2002-1359 (large packets and large fields)
o CAN-2002-1360 (string fields with zeros)
1. Affected system(s):
KNOWN VULNERABLE:
o F-Secure Corp. SSH servers and clients for UNIX
v3.1.0 (build 11) and earlier
o F-Secure Corp. SSH for Windows
v5.2 and earlier
o SSH Communications Security, Inc. SSH for Windows
v3.2.2 and earlier
o SSH Communications Security, Inc. SSH for UNIX
v3.2.2 and earlier
o FiSSH SSH client for Windows
v1.0A and earlier
o InterSoft Int'l, Inc. SecureNetTerm client for Windows
v5.4.1 and earlier
o NetComposite ShellGuard SSH client for Windows
v3.4.6 and earlier
o Pragma Systems, Inc. SecureShell SSH server for Windows
v2 and earlier
o PuTTY SSH client for Windows
v0.53 and earlier (v0.53b not affected)
o WinSCP SCP client for Windows
v2.0.0 and earlier
APPARENTLY NOT VULNERABLE:
o BitVise WinSSHD server for Windows v3.05
o LSH v1.5
o OpenSSH v3.5 and earlier
o TTSSH SSH Extension for TeraTerm Pro
o VanDyke SecureCRT client v3.4.3 for Windows
o VanDyke VShell server v1.2 for Windows
UNKNOWN / NOT TESTED:
o MacSSH
o SSHv1 implementations (see {1})
o SSHv2 enabled network appliances
2. Summary
SSH servers and clients from several vendors contain vulnerabilities
that may allow denial-of-service attacks and/or arbitrary code
execution. The vulnerabilities arise from various deficiencies in
the greeting and key-exchange-initialization phases of the SSHv2
transport layer.
3. Vendor status and information
F-Secure Corporation
http://www.f-secure.com
Vendor has been notified. Release information is unknown at
this time. F-Secure has characterized this issue as not
exploitable.
FiSSH
http://pgpdist.mit.edu/FiSSH/index.html
Vendor has been notified. Release information is unknown at
this time.
NetComposite (ShellGuard)
http://www.shellguard.com
Vendor has been notified. Release information is unknown at
this time.
Pragma Systems, Inc.
http://www.pragmasys.com
Vendor has been notified. The fixed version is SecureShell
v3.0, which was released on November 25 2002.
PuTTY
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Vendor has been notified. The fixed version is PuTTY v0.53b,
which was released on November 12, 2002.
SSH Communications Security, Inc.
http://www.ssh.com
Vendor has been notified. Release information is unknown at
this time. SSH, Inc. has characterized this issue as not
exploitable.
SecureNetTerm (InterSoft International, Inc.)
http://www.securenetterm.com
Vendor notified. The fixed version is SecureNetTerm v5.4.2,
released on November 14 2002.
WinSCP2
http://winscp.vse.cz/eng/
Vendor has been notified. Release information is unknown at
this time.
4. Solution
No solutions available yet.
5. Detailed analysis
To study the correctness and security of SSH server and client
implementations {2}, the security research team at Rapid 7, Inc.
has designed the SSHredder SSH protocol test suite containing
hundreds of sample SSH packets. These invalid and/or atypical
SSH packets focus on the greeting and KEXINIT (key exchange
initialization) phases of SSH connections.
We then applied the SSHredder suite to some popular SSH servers
and clients, observing their behavior when presented with a
range of different input. Several implementation errors were
discovered, most of which involve memory access violations.
While the impact is different for each product tested, some of
these errors were easily exploitable, allowing the attacker to
overwrite the stack pointer with arbitrary data.
In most cases, only the most current versions of the applications
were tested. Vendors listed as "Apparently NOT VULNERABLE" are
encouraged to run the tests against older versions of their
applications.
The SSHredder test suite is now available for download from
Rapid 7's web site ( http://www.rapid7.com ). A pre-release
version of SSHredder was provided to SSH vendors for testing
prior to public disclosure. SSHredder has been released under
the BSD license.
The test cases combine several test groups of similarly
structured data:
o Invalid and/or incorrect SSH packet lengths (including
zero, very small positive, very large positive, and
negative).
o Invalid and/or incorrect string lengths. These were applied
to the greeting line(s), plus all the SSH strings in the
KEXINIT packets).
o Invalid and/or incorrect SSH padding and padding lengths.
o Invalid and/or incorrect strings, including embedded ASCII
NULs, embedded percent format specifiers, very short, and
very long strings. This test group was applied to the
greeting line(s), plus all the SSH strings in the KEXINIT
packets).
o Invalid algorithm lists. In addition to the existing string
tests, invalid encryption, compression, and MAC algorithm names
were used, including invalid algorithm domain qualifiers;
invalid algorithm lists were created by manipulating the
separating commas.
The individual tests in each group were combined systematically to
produce a test suite of 666 packets. A full permutation of every
test in each test group would have yielded a test suite that is too
large to distribute, so a representative sample of packets was
chosen from each group.
Please note that greeting and KEXINIT are only the first and second
phases of SSH connections. A full test suite for every SSH
protocol message could potentially reveal other latent
vulnerabilities.
6. Notes
[1] While SSHv1 has no KEXINIT phase, many of these test cases
could affect both SSHv1 and SSHv2 in a generic way). SSHv1
implementations were not tested.
[2] The SSH protocol is described in several IETF drafts, which can be
found at http://www.ietf.org/ids.by.wg/secsh.html .
7. Contact Information
Rapid 7 Security Advisories
Email: advisory@rapid7.com
Web: http://www.rapid7.com/
Phone: +1 (212) 558-8700
8. Disclaimer and Copyright
Rapid 7, Inc. is not responsible for the misuse of the information
provided in our security advisories. These advisories are a service
to the professional security community. There are NO WARRANTIES
with regard to this information. Any application or distribution of
this information constitutes acceptance AS IS, at the user's own
risk. This information is subject to change without notice.
This advisory Copyright (C) 2002 Rapid 7, Inc. Permission is
hereby granted to redistribute this advisory, providing that no
changes are made and that the copyright notices and disclaimers
remain intact.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)
iD8DBQE9/a5kcL76DCfug6wRAoIdAJ0Xg1HUeXQk5aNzBaKVcS4XP9rlpACguQk6
G2ihG+Zr3V/VE/1C21p4yf4=
=iqCp
-----END PGP SIGNATURE-----
==============================
Rapid 7 Security Research Team
Email: advisory@rapid7.com
Web: http://www.rapid7.com/
Phone: +1 (212) 558-8700
PGP: http://www.rapid7.com/advisories/R7-PKey2002.txt
==============================
|
|
Go to the Top of This SecurityTracker Archive Page
|