SSH flaws sighted
DON'T PANIC
Posted in Security, 19th December 2002 10:12 GMT
Secure shell (SSH) protocol implementations from several vendors are subject to a number of potentially serious security flaws, security clearing house CERT warned earlier this week.
Read further down the notice and you'll see that most major system vendors - and OpenSSH - are immune, but there's some work ahead for users of SSH implementations from Pragma Systems, F-Secure and others.
The flaws (such as they are) could allow a remote attacker to execute arbitrary code with the privileges of a particular SSH process or cause systems to crash. The vulnerabilities affect SSH clients and servers, and they occur before user authentication takes place.
The vulnerabilities, including ever-popular buffer overflow bugs, in several SSH implementations came to light after tests using a suite called SSHredder, from a firm called Rapid 7.
CERT advises affected users to apply appropriate patches or upgrade, as fixes become available. More generally, it advises access to SSH servers should be limited by firewalls and packet-filtering systems. ®