OpenSSH hits the fan
Print storyGet patching!
Posted in Security, 26th June 2002 20:34 GMT
Free whitepaper – Securing your online data transfer with SSL
A serious vulnerability in default installation of OpenSSH on the OpenBSD operating system has come to light.
A vulnerability exists within the "challenge-response" authentication mechanism in the OpenSSH daemon (sshd), according to an alert issued today by Internet Security Systems.
This mechanism, part of the SSH2 protocol, verifies a user's identity by generating a challenge and forcing the user to supply a number of responses.
However this mechanism is flawed in OpenSSH version 3.3 - it's possible for a remote attacker to send a specially-crafted reply that triggers an overflow.
According to ISS, this can result in a remote denial of service attack on the OpenSSH daemon or a complete remote compromise. The OpenSSH daemon runs with superuser privilege, so remote attackers can gain superuser access.
Worse still, the vulnerability is being "actively exploited".
ISS recommends upgrade to OpenSSH version 3.4 immediately. As a workaround, BOFHs might also consider disabling unused OpenSSH authentication mechanisms.
OpenSSH is a free version of the SSH (Secure Shell) communications suite and is used as a secure replacement for protocols such as Telnet, Rlogin, Rsh, and Ftp.
You can find more information about the problem here, and details of vendors which implement OpenSSH here. ®
Free whitepaper – Vulnerability management buyer's checklist
The future of SaaS and IT infrastructure management
The mandate for application security
Extended Validation SSL Certificates
Avoiding 7 common mistakes of IT security compliance
The best practices guide for application security
Google cloud told to encrypt itself
Buggy 'smart meters' open door to power-grid botnet
Chinese firm hits back at cyberspy claims
BlockMaster SafeStick hardware-encrypted USB drive