New buffer overflow threatens OpenSSH systems

By Michael S. Mimoso, SearchEnterpriseLinux.com News Editor
17 Sep 2003 | SearchOpenSource.com

A buffer overflow vulnerability has been found in OpenSSH that could threaten systems running the ubiquitous network protocol.

OpenSSH is an open-source secure shell daemon that encrypts network packets. Red Hat Linux, SuSE Linux, FreeBSD, OpenBSD and Mandrake Linux, as well as many Unix and other systems, integrate OpenSSH into the base OS as a remote login solution.

Several security mailing lists are reporting that exploit code is being traded in the wild. As of today, it is unknown whether an exploit could cause a crash or enable remote code execution. Experts urge administrators to treat this serious vulnerability as if there were a working exploit, and they suggest that users upgrade vulnerable systems to OpenSSH 3.7 or 3.7p1, which are available for download from ftp.openbsd.org. Vendor-specific fixes are imminent.

OpenSSH is developed by the OpenBSD Project, which offers a free Unix-like operating system. OpenSSH versions up to and including 3.6.1, as well as the portable version of OpenSSH, are affected by the flaw.

Atlanta-based Internet Security Systems Inc. discovered the flaw. Researchers there said that when an unusually large packet (at least 10 MB of traffic) is sent to OpenSSH, its buffer management tries to reallocate a larger buffer. In some cases, the cleanup process leads to heap corruption and crashes that process.

"This is a difficult vulnerability to exploit," said Dan Ingevaldson, team leader for ISS' X-Force security team. "But it's only difficult once. Once someone exploits it, it becomes public domain."

An alert from FreeBSD explains: "In some cases, the cleanup code will attempt to zero and free the buffer that just had its recorded size (but not actual allocation) increased. As a result, memory outside of the allocated buffer will be overwritten with NUL bytes."
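The ordering problem the FreeBSD alert describes can be modeled in a few lines of C. This is an added example, not OpenSSH source code: the `struct buffer` layout, the function names, the 4096-byte starting size and the `BUF_MAX` limit are all assumptions made for illustration, and the demo only measures the mismatch between recorded and real size rather than writing out of bounds.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_MAX 0xa00000u /* constructed limit (10 MB) for this demo */
struct buffer {
    unsigned char *buf;
    size_t alloc; /* recorded size: what a zero-and-free cleanup trusts */
    size_t real;  /* bytes really allocated (tracked only for the demo) */
};

/* Flawed ordering: the recorded size grows before the request is validated. */
static int grow_flawed(struct buffer *b, size_t extra) {
    b->alloc += extra;
    if (b->alloc > BUF_MAX) return -1; /* buf still holds only b->real bytes */
    unsigned char *p = realloc(b->buf, b->alloc);
    if (p == NULL) return -1;          /* same stale size on this path */
    b->buf = p;
    b->real = b->alloc;
    return 0;
}

/* Corrected ordering: validate, reallocate, and only then record the size. */
static int grow_fixed(struct buffer *b, size_t extra) {
    if (extra > BUF_MAX || b->alloc > BUF_MAX - extra) return -1;
    size_t newlen = b->alloc + extra;
    unsigned char *p = realloc(b->buf, newlen);
    if (p == NULL) return -1;
    b->buf = p;
    b->alloc = b->real = newlen;
    return 0;
}

/* Bytes past the real allocation that a cleanup zeroing `alloc` bytes would
 * touch after a failed grow. The demo itself frees using the true size. */
static size_t overrun(int use_fixed) {
    struct buffer b = { malloc(4096), 4096, 4096 };
    if (b.buf == NULL) return (size_t)-1;
    int rc = use_fixed ? grow_fixed(&b, BUF_MAX) : grow_flawed(&b, BUF_MAX);
    size_t over = (rc != 0 && b.alloc > b.real) ? b.alloc - b.real : 0;
    memset(b.buf, 0, b.real);
    free(b.buf);
    return over;
}

int main(void) {
    printf("flawed=%zu fixed=%zu\n", overrun(0), overrun(1));
    return 0;
}
```

The invariant to audit for in similar code is that a length field is never updated until the allocation it describes has succeeded.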

FreeBSD recommends several workarounds, including disabling the base system sshd and ensuring sshd is not restarted when a system is restarted. Also, FreeBSD recommends uninstalling the OpenSSH or OpenSSH portable ports if they are installed.

"This is a serious vulnerability. OpenSSH is the most common SSH server out there," Ingevaldson said. "SSH is part of the fabric of Unix [and Linux] systems. Administrators use it to connect to a lot of appliances, virus gateways and IDS systems. This is a significant deal."
