
Secure Shell found to be not so secure

By Steve Malone

Posted on 17 Dec 2002 at 10:33

A number of vendors' versions of the Secure Shell transport layer are open to attack, a company has found.

The SSH transport layer is the source of a whole range of security options which are supposed to protect networks from attack. Among the options SSH provides are strong encryption, cryptographic host authentication, and integrity protection.... Also supported are the key exchange method, public key algorithm, symmetric encryption algorithm, message authentication algorithm, and hash algorithm.

The company, Rapid7, developed a suite of tests (SSHredder) covering the connection initialisation, key exchange, and negotiation phase of the SSH transport layer protocol. In particular, SSHredder looks at the way SSH handles invalid or incorrect packet and string lengths, padding and padding length, malformed strings, and invalid algorithms.

Rapid7 found a number of vulnerabilities in different vendors' SSH products. These vulnerabilities include buffer overflows which occur before any user authentication takes place. This means that hackers could run unauthorised programs with all the privileges of SSH. Both SSH servers and clients are affected, since both implement the SSH transport layer.

For example, on Windows, SSH servers run with System privileges, and on UNIX systems, SSH daemons typically run with root privileges. In the case of SSH clients, any attacker-supplied code would run with user privileges. Attackers could also crash a vulnerable SSH process, causing a denial of service.

Not all implementations of SSH are vulnerable, and a number of suppliers, including IBM, Cisco and OpenSSH, have declared they are not open to the vulnerabilities exposed. Others are checking their systems. More details and a list of affected vendors are available on the CERT web site.
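The fields SSHredder is described as probing (packet length, padding length, string length) are the ones a transport-layer parser has to bound before it copies anything. The C code below is an added example, not Rapid7's test suite or any vendor's code; it follows the unencrypted binary packet layout later standardised in RFC 4253, and the function names and the constructed 16-byte sample in `demo` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define SSH_MAX_PACKET  35000u /* total size every implementation must accept */
#define SSH_MIN_PADDING 4u
#define SSH_BLOCK       8u     /* alignment before any cipher is negotiated */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate one unencrypted packet: uint32 packet_length, byte padding_length,
 * payload, padding. Returns 0 and the payload bounds, or -1 on any violation. */
int ssh_check_packet(const uint8_t *buf, size_t avail,
                     const uint8_t **payload, size_t *payload_len) {
    if (avail < 5) return -1;                    /* header incomplete */
    uint32_t plen = be32(buf);
    uint32_t pad = buf[4];
    if (plen < 1 + SSH_MIN_PADDING || plen > SSH_MAX_PACKET - 4) return -1;
    if (plen > avail - 4) return -1;             /* claims more than received */
    if ((plen + 4) % SSH_BLOCK != 0) return -1;  /* bad alignment */
    if (pad < SSH_MIN_PADDING || pad > plen - 1) return -1; /* padding > body */
    *payload = buf + 5;
    *payload_len = plen - 1 - pad;
    return 0;
}

/* Read an SSH string (uint32 length, then bytes) at *off inside the payload. */
int ssh_get_string(const uint8_t *p, size_t len, size_t *off,
                   const uint8_t **s, size_t *slen) {
    if (*off > len || len - *off < 4) return -1; /* no room for length field */
    uint32_t n = be32(p + *off);
    if (n > len - *off - 4) return -1;           /* length runs past payload */
    *s = p + *off + 4;
    *slen = n;
    *off += 4 + (size_t)n;
    return 0;
}

/* Constructed 16-byte sample; returns parsed string length, -1 if rejected. */
long demo(uint32_t plen, uint8_t pad, uint8_t str_len_hi) {
    uint8_t pkt[16] = {(uint8_t)(plen >> 24), (uint8_t)(plen >> 16),
        (uint8_t)(plen >> 8), (uint8_t)plen, pad, str_len_hi, 0, 0, 3, 'a', 'b', 'c'};
    const uint8_t *pl, *s; size_t pll, sl, off = 0;
    if (ssh_check_packet(pkt, sizeof pkt, &pl, &pll) != 0) return -1;
    if (ssh_get_string(pl, pll, &off, &s, &sl) != 0) return -1;
    return (long)sl;
}
```

Every comparison is arranged so the subtraction on the right-hand side cannot wrap, which is the property that matters when the length fields are attacker-controlled and arrive before authentication.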

PCPro-Computing in the Real World Printed from www.pcpro.co.uk