New SSH exploit in the wild?
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: New SSH exploit in the wild?

  1. #1
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103

    New SSH exploit in the wild?

    update #2:There's another bug found in 3.7. You'll have to upgrade to 3.7.1. Read this: http://www.openssh.org/txt/buffer.adv
    update:OpenSSH confirmed a bug in all versions before 3.7 (released today). It's unclear if the bug is exploitable. /update

    According to slashdot.org, there's a new SSH bug which has been exploited. The page slashdot links to seems to be suffering the slashdot effect, thus being unreachable. Who has more information on this bug and/or exploit?

    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Thanks. This is what I got from slashdot:

    [Full-Disclosure] new ssh exploit?
    christopher neitzert chris@neitzert.com
    Mon, 15 Sep 2003 13:48:34 -0400

    More on this;

    The systems in question are FreeBSD, RedHat, Gentoo, and Debian all
    running the latest versions of OpenSSH.

    The attack makes an enormous amount of ssh connections and attempts
    various offsets until it finds one that works permitting root login.

    I have received numerous messages from folks requesting anonymity or
    direct-off-list-reply confirming this exploit;

    The suggestions I have heard are:

    Turn off SSH and

    1. upgrade to lsh
    2. add explicit rules to your edge devices allowing ssh from only-known
    hosts.
    3. put ssh behind a VPN on RFC-1918 space.

    On Mon, 2003-09-15 at 12:02, christopher neitzert wrote:
    > Does anyone know of or have source related to a new, and unpublished ssh
    > exploit? An ISP I work with has filtered all SSH connections due to
    > several root level incidents involving ssh. Any information is
    > appreciated.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Hehe.. Based on what I'm reading from the Full Disclosure list, the team that works on SSH are working on a Patch. There also seems to be some indication that it may affection other devices as well (routers/switches).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    224
    Is this something to be concerned about in a Win or NT environment?
    How about this Xploit affecting switches and routers?
    We had a hiccup in our Network today that caused our ARP table to reset itself. The lights on our switches were all blinkingin Unison for about 2 minutes and all connectivity, even out the routers, was unavaliable for about 2 minutes.
    There are many rewarding oppurtunities awaiting composure from like minds and great ideas. It in my objective to interconnect great things.

  6. #6
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    The rumoured exploit is supposed to make a -lot- of SSH-connection attempts, to guess some variables.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  7. #7
    Senior Member
    Join Date
    Aug 2003
    Posts
    224
    We are running a GNAT Box Firewall and I think that the Kernel that powers the firmware is Linux Based. What do you think the chances are that we got hit with this earlier this morning. I have never seen anything like it.......
    There are many rewarding oppurtunities awaiting composure from like minds and great ideas. It in my objective to interconnect great things.

  8. #8
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Not a clue. The exploit hasn't even been verified yet.

    Possible fix? (Check the URL in the message for possible updates!)

    Code:
    Subject: OpenSSH Security Advisory: buffer.adv
    
    This is the 1st revision of the Advisory.
    
    This document can be found at:  http://www.openssh.com/txt/buffer.adv
    
    1. Versions affected:
    
            All versions of OpenSSH's sshd prior to 3.7 contain a buffer
            management error.  It is uncertain whether this error is
            potentially exploitable, however, we prefer to see bugs
            fixed proactively.
    
    2. Solution:
    
    	Upgrade to OpenSSH 3.7 or apply the following patch.
    
    Appendix:
    
    Index: buffer.c
    ===================================================================
    RCS file: /cvs/src/usr.bin/ssh/buffer.c,v
    retrieving revision 1.16
    retrieving revision 1.17
    diff -u -r1.16 -r1.17
    --- buffer.c	26 Jun 2002 08:54:18 -0000	1.16
    +++ buffer.c	16 Sep 2003 03:03:47 -0000	1.17
    @@ -69,6 +69,7 @@
     void *
     buffer_append_space(Buffer *buffer, u_int len)
     {
    +	u_int newlen;
     	void *p;
     
     	if (len > 0x100000)
    @@ -98,11 +99,13 @@
     		goto restart;
     	}
     	/* Increase the size of the buffer and retry. */
    -	buffer->alloc += len + 32768;
    -	if (buffer->alloc > 0xa00000)
    +	
    +	newlen = buffer->alloc + len + 32768;
    +	if (newlen > 0xa00000)
     		fatal("buffer_append_space: alloc %u not supported",
    -		    buffer->alloc);
    -	buffer->buf = xrealloc(buffer->buf, buffer->alloc);
    +		    newlen);
    +	buffer->buf = xrealloc(buffer->buf, newlen);
    +	buffer->alloc = newlen;
     	goto restart;
     	/* NOTREACHED */
     }
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  9. #9
    Senior Member
    Join Date
    Aug 2003
    Posts
    224
    Thanks for the response and help. I will keep my eye on it and update this case once I get more information.

    Points..............
    There are many rewarding oppurtunities awaiting composure from like minds and great ideas. It in my objective to interconnect great things.

  10. #10
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •