Vulnerability In SSH1 118
matt666 writes "Bindview released an advisory yesterday warning us that "[a]n integer-overflow problem is present in common code of recent ssh daemons, deattack.c, which was developed by CORE SDI to protect against cryptographic attacks on SSH protocol. [...] This effectively allows an attacker to overwrite arbitrary portions of memory". Practically all common versions of SSH1 are affected, except OpenSSH 2.3.0." A whole slew of people have written in regarding this - from the folks at SmoothWall advising of an update, to a bunch of people just saying "Oh No!". My understanding is that a fix is already in the works.
1.2.30 Seems to not have the bug (Score:1)
ruben@ruben:~ > ssh -v -l `perl -e '{print "A"x88000}'` localhost
SSH Version 1.2.30 [i686-unknown-linux], protocol version 1.5.
Standard version. Does not use RSAREF.
ruben: Reading configuration data
Hostname or username is longer than 255 characters.
ruben@ruben:~ >
Does this mean it's secure?
but it is childish to use scripts, no? (Score:1)
Whaaap! You've been trolled (Score:1)
Yay for OpenBSD Gang! (Score:1)
Given that OpenSSH is used across a greater spectrum that OpenBSD, this should help the OpenBSD group gain even more support.
Never, ever use Linux for a firewall. Use OpenBSD!
Opps, thats not a good thing to say on slashdot, is it?
Re:All this wouldn't have happened... (Score:1)
Luxury!
:)
Re:another disadvantage is the lack of sftp (Score:1)
Re:another disadvantage is the lack of sftp (Score:1)
http://www.ssh.com/products/ssh/
Based on your
Unfortunately I haven't seen one for Classic Mac yet. At least command line will be an option with OS X.
OpenSSH 2.2.0 updates for RedHat (Score:1)
Re:SSH isn't enough (Score:1)
Its been around for years, and most clients support it.
It encrypts the password with a hash then sends it to the server, from memory.
Fixed URL (Score:1)
http://www.debian.org/security/2001/dsa-026 [debian.org]
(You're getting the dsa-026.html file in the 2001/ directory.)
Red Hat users (Score:1)
-Yenya
--
Re:Question... answer (Score:1)
Bosses that whine about spelling are usually morons. Bosses, that want results? hire guys like me.
Hurry Sys. Admins (was Re:I can just see it...) (Score:1)
We're off to patch our code
We're keeping Kiddies off
To save our web servers.
Our Sys. Admins.
Searching for obsure bugs
Heading off new expliots
Leaving Quake games behind
Who knows what bugs we'll find
We must be smart and brave
And always be sure to save
If we don't, in just one year
Our website will disappear
Fighting with Script Kiddies
Who won't stop with the "ph3r m3s"
Then we'll reboot, and when we're done
More Quake for everyone with our Sys Admins!
George Lee
Looks like EIOAGAYWP.... (Score:1)
Good to see bugs getting shaken out.
George Lee
Re:Silly posters. (Score:1)
I don't suppose other people coming to point #2 has anything to do with the state of affairs in #1?
Re:Fix is VERY simple (Score:1)
You'll have to reverse the arguments of kill for that to work:
- kill(SIGALRM, getppid());
+ kill(getppid(), SIGALRM);
Re:FreeBSD users: Have fun with this one. (Score:1)
Mr Vixie (Score:1)
Re:switch to openSSH (Score:1)
-
sig sig sputnik
Re:Stupid fix.. but none the less.... (Score:1)
---
Re:Silly coders. (Score:1)
---
Re:You don't even need to follow the link! (Score:1)
Re:Silly coders. (Score:1)
You may be a C bigot :) but SML implementations aren't so bad:
Check out the results of the ICFP contest [cornell.edu] - the ML-based programs were really, really fast. (And they also worked, unlike a lot of the C and Perl solutions!).
Of course, it's too bad I'm a C bigot too, or my code might be better... ;)
Re:another disadvantage is the lack of sftp (Score:1)
However, yes, for anything more than quick or automated file moves, stfp is a much better option.
Re:This can't be true... (Score:1)
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Re:FreeBSD still no patch... (Score:1)
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Server only (Score:1)
--
Patrick Doyle
Re:switch to openSSH (Score:1)
As I recall, about the only thing that was needed was to make sure OpenSSL was installed first. Keeping your favorite compiler options in CFLAGS and CXXFLAGS helps, too, as configure (if it's of the GNU variety) will usually pick up whatever is in those variables. It's always figured everything else out by itself. I've installed OpenSSH on SuSE 6.[34] and LFS systems, and have never had any problems with the build.
Re:SSH isn't enough (Score:1)
Sure OpenSSH will protect you when you log into your *nix box. But what happens when you go to get your POP mail from your ISP? You send out your password in plaintext and then your mail is completely vulnerable.
What? You STILL use unencrypted POP mail? I think all the major mail servers support POP/IMAP over SSL. Get it now.
--
Re:You got it backwards... (Score:1)
And yet, I got modded up three times. Gotta love /.'s crack-smoking moderators =) It's just so easy!
Of course, I've already hit the cap (been there for months now), so whatever...
--
Re:switch to openSSH (Score:1)
That's interesting, because I just did ./configure, dl'd and installed the libs it needed (zlib and OpenSSL), ./configure again, make, make install, edit /usr/local/etc/sshd_config so it ran on port 123 (testing purposes, ssh is the only access I have to my Linux box, so...), start /usr/local/sbin/sshd, ssh in on port 123, verify that it works, change sshd_config, kill -HUP `cat /var/run/sshd.pid`, and it's all set.
The above is on a Slack install still running kernel 2.0.38 and some older version of glibc.
Unsafe Languages (Score:1)
Re:FreeBSD users: Have fun with this one. (Score:1)
- first ensure openssl 0.9.6 is installed. If not, install it.
-
Took a little monkeying around, but it seems to work fine for me at the moment. Good luck.
FreeBSD still no patch... (Score:1)
What the fuck are people publishing a patch if there's not a fix?
Streamripper [sourceforge.net]
How secure is ssh (Score:1)
Re:another disadvantage is the lack of sftp (Score:1)
Tim Gaastra
Re:Go for SSH2 (Score:1)
dopp
Re:another disadvantage is the lack of sftp (Score:1)
Doesn't appear to have made it to the "portable" version yet.
I just installed 2.3.0p1, and it isn't there.
Temkin
Re:SSH isn't enough (Score:1)
Of course, there is still the problem that good old SMTP still goes unencrypted, but TLS-aware MTAs (TLS is the new name for SSL, basically) will encrypt the traffic between them! Recent versions of Sendmail are TLS-aware, there's Postfix-TLS, and experimental versions of Exim. Not sure about qmail.
As for POP and IMAP, I don't think anybody is talking about making encryption a standard part of them, but I could well be wrong.
Er... (Score:1)
I was always under the impression that if your traffic passes through any sort of localized network it can be sniffed, like an @Home subnet, University network, network at your job etc. Your theory would really only apply to to DSL or dialup and then only if the machine you were contacting was also connected directly to the internet with no sort of network attached to it.
OpenWall (Score:1)
Oh No! (Score:1)
--> 2.3.0 since 8 Nov
<http://www.FreeBSD.org/cgi/cvsweb.cgi/src/secu re/usr.bin/ssh/Makefile>
--> 2.3.0 since 12 Jan
Cheers,
--fred
Wildcards work for openssh 2.3 (Score:1)
Re:Er... (Score:1)
No! That is utterly meaningless. There is no such thing as "connected directly to the internet with no sort of network attached to it". The internet is a public network. Whenever you send data across a public network you should assume it is being sniffed. Apart from the fact that the original post was a joke.
Re:Er... (Score:1)
Re:Debian Users... (Score:1)
Re:SSH isn't enough (Score:1)
WHAT? Your pop mail ISN'T encrypted with pgp/gpg? I have all the people I really care to talk to properly educated in how to use PGP. Even my wife, who found giving up AOL to be highly traumatic. Hell, I've got my filters set up to send anything that ISN'T signed or encrypted directly to the spam box.
What in the world does that have to do with sending your POP password in plain text to fetch your PGP encrypted email?
Universities! (Score:2)
another disadvantage is the lack of sftp (Score:2)
Re:Er... (Score:2)
I expect other universities to follow in the coming years. I guess I assumed that other schools would pick up with this a little er. (especially CMU, although they seem to focus more on wireless networks..)
-- Thrakkerzog
Re:Er... (Score:2)
-- Thrakkerzog
Well some OpenSSH are affected (Score:2)
http://www.debian.org/security/2001/dsa-027 [debian.org]
Re:another disadvantage is the lack of sftp (Score:2)
I pity da fool who follows Smoothwall instructions (Score:2)
If you are in Windows bring up a dos session and make sure you are in the same directory as where you downloaded the tar.gz file - please make sure you follow this instruction. Linux / BSD / GNU based systems users you all know what you\ure doing so we won\ut teach you to suck too many eggs in this instruction in fact we won\ut teach you to suck any eggs and congratulate you on running a free operating system that enhances your standing in the community.
Please open up a terminal window and type in the following:
ftp __.___.___.___ [substitute underscores for the ip address of your SmoothWall server]
When prompted for username type root
When prompted for password type the password you allocated for root
then follow the following instructions
bin [followed by return]
put smoothwall-openssh-2.3.0p1.tar.gz [followed by return]
Once this operation is complete type
quit [followed by return]
Funny, I thought that the one of the great advantages of using SSH (aside from the port forwarding) was that you'd never have to send your password in cleartext. Besides, who actually allows root to connect to their FTP server? The conventional wisdom has always been that root is to powerful to "just FTP".
Suck eggs, indeed.
Re:Question... answer (Score:2)
I have 1 server running that has a 1.2 kernel on it. it hasn't been updated because it doesnt need to be.(and is in a remote location that takes days to reach) Only the foolish fix things that aren't broke.
So, as one of the best sysadmins my corperation has, I DONT update important software every few weeks.
P.S.- we still run NT 3.5 servers too for critical systems. Could an entire industry be foolish by not updating every few weeks? I think not.
Re:another disadvantage is the lack of sftp (Score:2)
Actually, sftp support was recently added (it's available in the 2.3.0 version I just finished putting in all my servers ;-)
You don't even need to follow the link! (Score:2)
Shouldn't Theo have caught this? or is he only concerned with OpenSSH?
Read past the headline:
So Theo (or someone else working on OpenSSH) DID catch it. Maybe they didn't know they caught it, or that it was exploitable, but they did fix it.
Re:switch to openSSH (Score:2)
i was using the portable version, it's just that, by default, it likes you to use PAM for password authentication, which slackware doesn't. if you don't use PAM, it likes you to heve your passwords encrypted with crypt. mine aren't.
i had to use a few special configuration parameters (i think they were --enable-md5 --enable-shadow and --disable-pam, but i'm not sure. that's from memory.)
Re:another disadvantage is the lack of sftp (Score:2)
Stupid fix.. but none the less.... (Score:2)
Yeah, /usr/ports for freebsd 3 still uses openssh 2.2, but disabling protocol 1 is at least a quick fix while a more stable thing is done.
---
Re:Obligatory 'power of open source' statement (Score:2)
Re:Silly coders. (Score:2)
Of course, I don't think this is the way to go - mostly because current SML implementations are damn slow, and I'm a C bigot.
--------------------------
No (Score:2)
Furthermore, the belief that every router hop from your machine to the machine you're connected to is secure is fatally mistaken. Just because your ISP has effective security measures does not mean that everyone on the route has the same effective measures.
Unless you're using Irix (Score:2)
--
Re:Silly coders. (Score:2)
Re:Only Criminals should be worried. (Score:2)
Just because I don't have classified data on my computer doesn't mean that I want to have it broken into and that I shouldn't take reasonable precautions to see that my system is safe.
_____________
Obligatory 'power of open source' statement (Score:2)
More information available on the debian package at http://www.debian.org/security/2001/dsa-026/
What's next?! (Score:2)
Oh, wait..
----------
2 of 2 (Score:2)
The second point is that while you may not be a criminal, leaving your box open to something like this makes you criminally stupid. Some script kiddie may jump in and start setting up IRC servers and using your machine to help in some DDOS attacks. Try proving to your local authorities that just because the logs say the attacks came from YOUR IP that it wasn't YOUR fault and that, please officer, can I have my computer back now?
Go for SSH2 (Score:2)
Re:Silly coders. (Score:2)
As for OpenSSH, I didn't know Theo worked on it, But I did know OpenSSH and OpenBSD we're related. which explains what I said, also you we're the second person to call me on that, it wasn't necessary, but it reinforced your augments that I am an idiot. You're going out on a limb calling me on things like capitalization, and obviously on purpose misspellings.
recently I've been losing patience with slashdot, and posting garbage. if you look at my history you'll notice many of my posts have been modded down (some way down) after they we're modded up. As you can also see i have the +2 bonus, and am, from time to time a modertor, which means i must have gotten karma at some point.
I'm sick of the slashdot way of karma whoring, so I'm also getting lazy, impatient and bored.. I've been posting stuff just to see how it gets received, not because I believe in what I say, or even care about what I'm talking about.
Am at a point where I don't care about my karma, I don't care if other people don't like what I say, I think I'm turning into what slashdot concedes a troll, and if so, so be it.
-Jon
Streamripper [sourceforge.net]
Silly coders. (Score:2)
So I said "huh, so except for a man in the middle attack, or brute force, there's really no attacks", "yup". then i said "So all those exploits on ssh are just coding errors right?", "yup".
so what is this like 4th r00t expliot from ssh? You would really think that people making an app to improve security would be more careful about this. Or maybe they did, and it's one of those new sprintf one's, if I remember from defcon (boy that sucked) there was a common exploit via sprintf's that wasn't widely known until recently... , something to do with %n I think..
Shouldn't Theo have caught this? or is he only concerned with OpenSSH?
-Jon
Streamripper [sourceforge.net]
Re:Unsafe Languages (Score:2)
C is the problem. (Score:2)
Personally, I'd like to see a move to Modula 3 or Ada for trusted modules, but so few people know those languages now. Hard-compiled Java, maybe.
Re:Er... (Score:2)
anytime you communicate with anything other than yourself, the Trust issue comes into play.
-f
Re:Silly coders. (Score:2)
why should Theo care about anything other than OpenSSH? Should Linus be looking for windows vulnerabilities?
-f
¹Lint built into GCC (Score:2)
gcc -Wall -W -O -c foo.c will generate lots of helpful diagnostics on stderr.
Like Tetris? Like drugs? Ever try combining them? [pineight.com]
Re:Er... (Score:2)
Re:SSH isn't enough (Score:2)
Re:SSH isn't enough (Score:2)
The worst thing that can happen if your messages are encrypted is that the attacker can delete them from your mailbox. This amounts to a pretty lame DoS attack - annoying but not catastrophic. If it's a message that absoloutely MUST go through, you shouldn't be relying on email in the first place. It would be a pretty stupid attack anyway, because the target would know pretty quickly that their comm channel has been compromised.
An attacker could find out the names and emails of the people you are conversing with, but they could get that information anyway, by sniffing it out of the headers of the incoming SMTP messages (for example). [Traffic analysis, anyone?] If you need to conceal WHO you are talking to, you need to use some sort of dead drop arrangement, like posting an image with a steganographically-imbedded message to usenet or a free webpage.
Whining about the insecurity of POP3 (and SMTP) isn't a productive use of your time. Virtually every ISP in the world uses POP3/SMTP for email. It's insecure. Deal with it. If security matters, host your own Secure IMAP server and encrypt all your traffic. Your ISP isn't going to be changing it's email infrastructure any time soon. (Talk about a major tech support nightmare!) Sure, it would be nice if email had end-to-end encryption that is completely transparent to the end user, but that's not going to happen around any time soon. You've got to make do with the tools you have to work with.
Re:Unsafe Languages (Score:2)
There is no reason why you cannot compile your Java language source code into native machine code for a specific architure / OS. Likewise, you could compile C/C++ source into Java byte codes and run it on any Java virtual machine.
From my experience, Java programs compiled into native machine code have near-identical performance to C++ implementations of the same programs. You lose object-level portability by doing native compiliation, but you still have 100% source code compatibility; which is more than you can say for C (#ifdef, anyone?)
Actually, for highly reliable system level programming, ADA is probably the best choice. It was specifically designed for safety and reliability - which is why it is the preferred language in the Avionics and Nuclear Power industries. Too bad that nobody outside those niches uses it.
Re:All this wouldn't have happened... (Score:2)
Geez moderators, browsing at "+2 newest first" isn't exactly bright.
Re:Silly coders. (Score:2)
In C, it's very hard to get this right: just about every statement can lead to these kinds of problems: unchecked overflows, unchecked pointer dereferences, etc. People simply cannot handle that complexity and also get the code to work right. There are doubtlessly lots and lots of other problems like this in ssh, as well as most other Linux, UNIX, and Windows programs. (C++ lets you do a little better in principle, but the way most people use it, it's just as bad.)
If you want to write code that doesn't suffer from these problems without spending many times as much time on trying to find such silly bugs compared to expressing the actual algorithm, use a language that has some built-in error checking. Java, Modula-2, Modula-3, Ada, Oberon, whatever.
Clunky? Inconvenient? Not as many libraries available in those languages? All true. But that's because they aren't used enough, not because there is anything inherently wrong with them.
Re:Unsafe Languages (Score:2)
C is a "good language for doing systems work" if safety, security, and correctness are not very high priorities and if your programs are reasonably small. That was true of the original UNIX system. It isn't true of something like SSH or other network services (security is of paramount importance) and it isn't true either of huge GUI applications (too many potential sources of errors to ever get something really reliable).
(In theory, C++ could be a little better, but in practice, the way C++ is actually used, the same comments apply to C++.)
Re:Stupid fix.. but none the less.... (Score:2)
FreeBSD users: Have fun with this one. (Score:3)
Go to the ports directory, you say. That doesn't compile either. the SSH2 port doesn't compile either! Neither will OpenSSH (it warns about remote root exploits, really helpful), and the latest maintained official ssh1 version is 1.2.27.
I expect to find a lot of rootable old FreeBSD boxes out there.
- A.P.
--
* CmdrTaco is an idiot.
Re:Fix is VERY simple (Score:3)
--- rsaglue.c 1999/12/10 23:27:25 1.8
+++ rsaglue.c 2001/02/03 09:42:05
@@ -264,7 +268,15 @@
mpz_clear(&aux);
if (value[0] != 0 || value[1] != 2)
- fatal("Bad result from rsa_private_decrypt");
+ {
+ static time_t last_kill_time = 0;
+ if (time(NULL) - last_kill_time > 60 && getppid() != 1)
+ {
+ last_kill_time = time(NULL);
+ kill(SIGALRM, getppid());
+ }
+ fatal("Bad result from rsa_private_decrypt");
+ }
for (i = 2; i len && value[i]; i++)
;
and here's the previously discussed patch:
--- ssh-1.2.31/deattack.c-old Wed Feb 7 19:45:16 2001
+++ ssh-1.2.31/deattack.c Wed Feb 7 19:54:11 2001
@@ -79,7 +79,7 @@
detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
{
static word16 *h = (word16 *) NULL;
- static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE;
register word32 i, j;
word32 l;
register unsigned char *c;
Also, it should be pointed out that openssh-2.3.0 isn't supported on openBSD =2.6, so if you run an older openBSD, you either have to upgrade or switch to ssh.com's ssh....
Re:Unsafe Languages (Score:3)
You got it backwards... (Score:3)
1) This affects all common implementations, including the commercial one from SSH.com
2) This doesn't affect OpenSSH 2.3.0, which is Open Source!
Suck it.
--
OpenSSH rocks, once again (Score:3)
Mike Roberto
- GAIM: MicroBerto
Re:Fix is VERY simple (Score:3)
I find it odd that commercial companies, like our F-Secure, have been to tight to buy a copy of ProLint and run it, or have willfully ignored the warning messages that it would produce.
The 10 commandments of C programming still hold true...
FatPhil
-- Real Men Don't Use Porn. -- Morality In Media Billboards
I can just see it... (Score:3)
SSH isn't enough (Score:3)
-Brian
Fix is VERY simple (Score:4)
Refer to the article for the patch/change.
-Rusty
Re:switch to openSSH (Score:5)
The "standard" tarball linked under "getting source" on the OpenSSH page is for OpenBSD and does not have a configure script, just a installer.
If you download OpenSSH for a non OpenBSD box, make sure you pick the portable version. (under operating systems click on your operating system, or go to: http://www.openssh.com/portable.html [openssh.com]).
Re:Software vulnerabilities (Score:5)
switch to openSSH (Score:5)
there were arguments to switch to openssh before, but never one that was this practical in nature.
the only downside of openssh that i've seen was that it was a pain to figure out which compile-time options i needed. make sure you know exactly how your passwords are stored on your box. once i had that figured out, i liked it better than i ever liked the commercial SSH.
All this wouldn't have happened... (Score:5)
Debian Users... (Score:5)
Make sure you have the Debian security sources in
deb http://security.debian.org/ stable/updates main contrib non-free deb-src http://security.debian.org/ stable/updates main contrib non-free
openssh (1:1.2.3-9.2) stable; urgency=high
* Non-maintainer upload by Security Team
* Added backported fix for a buffer overflow (thanks to Piotr Roszatycki)
* Added modified build dependencies from unstable for convenience
* Added patch that fixes an rsa key exchange problem made public by CORE SDI.
-- Martin Schulze Thu, 8 Feb 2001 22:15:04 +0100
Re:Here's the patch and how to apply it (Score:5)
What is it with caching contents of a POST method -- netscape picked up its cached version of my previous post...
Last correction: patch < deattack.c.patch using the following text copied into deattack.c.patch
--- deattack.c Wed May 12 12:19:25 1999
+++ deattack.c.orig Fri Feb 9 20:00:21 2001
@@ -79,7 +79,7 @@
detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
{
static word16 *h = (word16 *) NULL;
- static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE;
register word32 i, j;
word32 l;
register unsigned char *c;