Vulnerability In SSH1
matt666 writes "Bindview released an advisory yesterday warning us that "[a]n integer-overflow problem is present in common code of recent ssh daemons, deattack.c, which was developed by CORE SDI to protect against cryptographic attacks on SSH protocol. [...] This effectively allows an attacker to overwrite arbitrary portions of memory". Practically all common versions of SSH1 are affected, except OpenSSH 2.3.0." A whole slew of people have written in regarding this - from the folks at SmoothWall advising of an update, to a bunch of people just saying "Oh No!". My understanding is that a fix is already in the works.
Password sniffing is a big issue on university networks. I don't think you'll find more uncontrollable computers connected to a network in one place anywhere else. The problem is worsened because the high density of computers often results in the use of broadcast-style hubs to cut costs, especially when you are servicing a dormitory and don't care if the subnet gets bogged down. The result is that any yahoo could grab all the mail passwords for his entire floor without much difficulty. Secure services are essential in that sort of situation.
I hate having to know the full path to everything, or the inability for the remote server to process wildcards. These are inherent limitations of scp.
According to the network guy here (who I highly respect) many well-networked universities are moving to 100mbit switched non-blocked full duplex. (meaning I have 100 mbit link to anywhere on campus no matter what.) This is mainly in preparation for video over the local network. (In fact, we already have a video server here which allows students to "rent" movies for the day to watch on their computer for a small fee.)
I expect other universities to follow in the coming years. I guess I assumed that other schools would pick up with this a little er. (especially CMU, although they seem to focus more on wireless networks..)
-- Thrakkerzog
It depends on the network. In a shared non-switched environment, password sniffing is very simple. Many universities are migrating to 100mbit switched networks, which means your traffic is localized. (except for broadcast traffic, of course.) This also means that you can not switch your ethernet card into promiscuous mode and lift passwords as easily.
-- Thrakkerzog
I.e. all except 2.3.0
http://www.debian.org/security/2001/dsa-027
If you are in Windows bring up a dos session and make sure you are in the same directory as where you downloaded the tar.gz file - please make sure you follow this instruction. Linux / BSD / GNU based systems users you all know what you're doing so we won't teach you to suck too many eggs in this instruction in fact we won't teach you to suck any eggs and congratulate you on running a free operating system that enhances your standing in the community.
Please open up a terminal window and type in the following:
ftp __.___.___.___ [substitute underscores for the ip address of your SmoothWall server]
When prompted for username type root
When prompted for password type the password you allocated for root
then follow the following instructions
bin [followed by return]
put smoothwall-openssh-2.3.0p1.tar.gz [followed by return]
Once this operation is complete type
quit [followed by return]
Funny, I thought that one of the great advantages of using SSH (aside from the port forwarding) was that you'd never have to send your password in cleartext. Besides, who actually allows root to connect to their FTP server? The conventional wisdom has always been that root is too powerful to "just FTP".
Suck eggs, indeed.
/ \
\ / ASCII ribbon campaign for peace
x
/ \
Oh it's simple. you look at security advisories but you do not download every update that floats down. A good sysadmin does not apply patches/updates/other fodder just because they are there. The sysadmin applies them if they are needed.
I have 1 server running that has a 1.2 kernel on it. it hasn't been updated because it doesn't need to be. (and is in a remote location that takes days to reach) Only the foolish fix things that aren't broke.
So, as one of the best sysadmins my corporation has, I DON'T update important software every few weeks.
P.S.- we still run NT 3.5 servers too for critical systems. Could an entire industry be foolish by not updating every few weeks? I think not.
Do not look at laser with remaining good eye.
Shouldn't Theo have caught this? or is he only concerned with OpenSSH?
Read past the headline:
So Theo (or someone else working on OpenSSH) DID catch it. Maybe they didn't know they caught it, or that it was exploitable, but they did fix it.
i was using the portable version, it's just that, by default, it likes you to use PAM for password authentication, which slackware doesn't. if you don't use PAM, it likes you to have your passwords encrypted with crypt. mine aren't.
i had to use a few special configuration parameters (i think they were --enable-md5 --enable-shadow and --disable-pam, but i'm not sure. that's from memory.)
#define F(x) int main(){printf(#x,10,#x);}
F(#define F(x) int main(){printf(#x,10,#x);}%cF(%s))
Yeah, /usr/ports for freebsd 3 still uses openssh 2.2, but disabling protocol 1 is at least a quick fix while a more stable thing is done.
---
-
ping -f 255.255.255.255 # if only
Try http://www.debian.org/security/2001/dsa-027.
Actually, if the poster was serious, I doubt he was supporting VB, but rather something like SML/NJ. The proponents of this language insist that their programs can be made unhackable because they can be mathematically proven to be secure.
;->
Of course, I don't think this is the way to go - mostly because current SML implementations are damn slow, and I'm a C bigot.
--------------------------
There are a large number of ISPs which do not use switched networks, and also do not use AntiSniff. As a result, they have no protection against this. Seeing as you seem to believe that most ISPs prevent this, how do you believe they do that?
Furthermore, the belief that every router hop from your machine to the machine you're connected to is secure is fatally mistaken. Just because your ISP has effective security measures does not mean that everyone on the route has the same effective measures.
--
Right, better use Windows/Visual Basic instead, which assume the coder doesn't know what he is doing, and thus introduce security holes on his behalf...
Just because I don't have classified data on my computer doesn't mean that I want to have it broken into and that I shouldn't take reasonable precautions to see that my system is safe.
_____________
I don't want free as in beer. I just want free beer.
It looks like Debian already has the updated version available.
More information available on the debian package at http://www.debian.org/security/2001/dsa-026/
First bind, then ssh.. what's next -- will somebody find a way to hack Hotmail?!
:)
Oh, wait..
----------
Never underestimate the bandwidth of a 747 filled with CD-ROMs.
lizrd got the first point, which is that someone coming in and fucking up your data, "sensitive" or not, is a serious pain, even if you have comprehensive backups.
The second point is that while you may not be a criminal, leaving your box open to something like this makes you criminally stupid. Some script kiddie may jump in and start setting up IRC servers and using your machine to help in some DDOS attacks. Try proving to your local authorities that just because the logs say the attacks came from YOUR IP that it wasn't YOUR fault and that, please officer, can I have my computer back now?
I thought we had already discussed that we should all move away from SSH1 and use SSH2... As advised by SecurityPortal, I upgraded my server and clients to SSH2. I for one am feeling safe, now, at least for the few next weeks/months...
As for OpenSSH, I didn't know Theo worked on it, But I did know OpenSSH and OpenBSD were related. which explains what I said, also you were the second person to call me on that, it wasn't necessary, but it reinforced your arguments that I am an idiot. You're going out on a limb calling me on things like capitalization, and obviously on purpose misspellings.
recently I've been losing patience with slashdot, and posting garbage. if you look at my history you'll notice many of my posts have been modded down (some way down) after they were modded up. As you can also see i have the +2 bonus, and am, from time to time a moderator, which means i must have gotten karma at some point.
I'm sick of the slashdot way of karma whoring, so I'm also getting lazy, impatient and bored.. I've been posting stuff just to see how it gets received, not because I believe in what I say, or even care about what I'm talking about.
Am at a point where I don't care about my karma, I don't care if other people don't like what I say, I think I'm turning into what slashdot concedes a troll, and if so, so be it.
-Jon
Streamripper
this is my sig.
So I said "huh, so except for a man in the middle attack, or brute force, there's really no attacks", "yup". then i said "So all those exploits on ssh are just coding errors right?", "yup".
so what is this like 4th r00t exploit from ssh? You would really think that people making an app to improve security would be more careful about this. Or maybe they did, and it's one of those new sprintf ones, if I remember from defcon (boy that sucked) there was a common exploit via sprintf's that wasn't widely known until recently... , something to do with %n I think..
Shouldn't Theo have caught this? or is he only concerned with OpenSSH?
-Jon
Streamripper
this is my sig.
It is strange that you should say this, because the present exploit has nothing to do with buffer overflows. If there is anything to be said about "safe" or "unsafe", it is that you can write unsafe programs in any language. As far as I can tell, C is still a good language for doing systems work.
Personally, I'd like to see a move to Modula 3 or Ada for trusted modules, but so few people know those languages now. Hard-compiled Java, maybe.
anytime you communicate with anything other than yourself, the Trust issue comes into play.
-f
-f
www.blackant.net
Newer versions of GCC can generate diagnostics as they compile and optimize.
gcc -Wall -W -O -c foo.c will generate lots of helpful diagnostics on stderr.
Like Tetris? Like drugs? Ever try combining them?
Will I retire or break 10K?
The *point* was whether or not someone would need access to a major node to sniff your data. Yes, this internet is a public network. No, it does not apply to what I'm saying. Otherwise I could just sit on my dialup link, fire up a sniffer and watch every bit of traffic on the internet go by. Also, the post I was replying to was not the original post.
"We obviously need a new moderation category: (-1, Woo-fucking-hoo)" --Mr. AC
WHAT? Your pop mail ISN'T encrypted with pgp/gpg? I have all the people I really care to talk to properly educated in how to use PGP. Even my wife, who found giving up AOL to be highly traumatic. Hell, I've got my filters set up to send anything that ISN'T signed or encrypted directly to the spam box.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
The worst thing that can happen if your messages are encrypted is that the attacker can delete them from your mailbox. This amounts to a pretty lame DoS attack - annoying but not catastrophic. If it's a message that absolutely MUST go through, you shouldn't be relying on email in the first place. It would be a pretty stupid attack anyway, because the target would know pretty quickly that their comm channel has been compromised.
An attacker could find out the names and emails of the people you are conversing with, but they could get that information anyway, by sniffing it out of the headers of the incoming SMTP messages (for example). [Traffic analysis, anyone?] If you need to conceal WHO you are talking to, you need to use some sort of dead drop arrangement, like posting an image with a steganographically-imbedded message to usenet or a free webpage.
Whining about the insecurity of POP3 (and SMTP) isn't a productive use of your time. Virtually every ISP in the world uses POP3/SMTP for email. It's insecure. Deal with it. If security matters, host your own Secure IMAP server and encrypt all your traffic. Your ISP isn't going to be changing its email infrastructure any time soon. (Talk about a major tech support nightmare!) Sure, it would be nice if email had end-to-end encryption that is completely transparent to the end user, but that's not going to happen any time soon. You've got to make do with the tools you have to work with.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
There is no reason why you cannot compile your Java language source code into native machine code for a specific architecture / OS. Likewise, you could compile C/C++ source into Java byte codes and run it on any Java virtual machine.
From my experience, Java programs compiled into native machine code have near-identical performance to C++ implementations of the same programs. You lose object-level portability by doing native compilation, but you still have 100% source code compatibility; which is more than you can say for C (#ifdef, anyone?)
Actually, for highly reliable system level programming, ADA is probably the best choice. It was specifically designed for safety and reliability - which is why it is the preferred language in the Avionics and Nuclear Power industries. Too bad that nobody outside those niches uses it.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Ok.. will someone explain to me how a #2 post can be "Redundant" when the first post was just a first post ?
Geez moderators, browsing at "+2 newest first" isn't exactly bright.
-Billco, Fnarg.com
C is a "good language for doing systems work" if safety, security, and correctness are not very high priorities and if your programs are reasonably small. That was true of the original UNIX system. It isn't true of something like SSH or other network services (security is of paramount importance) and it isn't true either of huge GUI applications (too many potential sources of errors to ever get something really reliable).
(In theory, C++ could be a little better, but in practice, the way C++ is actually used, the same comments apply to C++.)
Go to the ports directory, you say. That doesn't compile either. the SSH2 port doesn't compile either! Neither will OpenSSH (it warns about remote root exploits, really helpful), and the latest maintained official ssh1 version is 1.2.27.
I expect to find a lot of rootable old FreeBSD boxes out there.
- A.P.
--
* CmdrTaco is an idiot.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Not true. There were two separate vulnerabilities announced yesterday. The first just involves changing the static word16 to a static word32, but the second attack involved connecting many times to determine a session key. With the session key (and a sniffed session), one could decrypt the entire ssh session. Here's the patch for this one (for ssh-1.2.31 and below):
--- rsaglue.c 1999/12/10 23:27:25 1.8
+++ rsaglue.c 2001/02/03 09:42:05
@@ -264,7 +268,15 @@
mpz_clear(&aux);
if (value[0] != 0 || value[1] != 2)
- fatal("Bad result from rsa_private_decrypt");
+ {
+ static time_t last_kill_time = 0;
+ if (time(NULL) - last_kill_time > 60 && getppid() != 1)
+ {
+ last_kill_time = time(NULL);
+ kill(SIGALRM, getppid());
+ }
+ fatal("Bad result from rsa_private_decrypt");
+ }
for (i = 2; i len && value[i]; i++)
;
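Review bot: In the added block, `kill(SIGALRM, getppid());` passes its arguments in the wrong order. kill() takes the process id first and the signal second, so as written this signals whichever process has a pid equal to the numeric value of SIGALRM rather than sending SIGALRM to the parent; it should read `kill(getppid(), SIGALRM);`. Also note that the trailing context line `for (i = 2; i len && value[i]; i++)` has lost its comparison operator in this pasted copy, so the hunk will not match the real source until that line is restored from the original file.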
and here's the previously discussed patch:
--- ssh-1.2.31/deattack.c-old Wed Feb 7 19:45:16 2001
+++ ssh-1.2.31/deattack.c Wed Feb 7 19:54:11 2001
@@ -79,7 +79,7 @@
detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
{
static word16 *h = (word16 *) NULL;
- static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE;
register word32 i, j;
word32 l;
register unsigned char *c;
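Review bot: On the changed declaration of `n`, widening to word32 stops the count from truncating, but nothing in this hunk bounds `len`, which arrives as a word32, and `h` on the line above is still a `word16 *`. I would add an explicit upper limit on `len` at the top of detect_attack() and a comment stating the largest table the function is meant to support, so that the safety of the sizing does not rest on type widths alone.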
Also, it should be pointed out that openssh-2.3.0 isn't supported on openBSD =2.6, so if you run an older openBSD, you either have to upgrade or switch to ssh.com's ssh....
--BlueLines "The cost of living hasn't affected it's popularity." -anonymous
You are wrong. The present exploit has everything to do with buffer overflows. In this case the "buffer" is a hash table; the exploit depends on writing data outside the bounds of the hash table, which would be caught by a safe language.
1) This affects all common implementations, including the commercial one from SSH.com
2) This doesn't affect OpenSSH 2.3.0, which is Open Source!
Suck it.
--
--
"I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett
Mike Roberto
- GAIM: MicroBerto
Berto
Indeed you're right.
I find it odd that commercial companies, like our F-Secure, have been too tight to buy a copy of ProLint and run it, or have willfully ignored the warning messages that it would produce.
The 10 commandments of C programming still hold true...
FatPhil
-- Real Men Don't Use Porn. -- Morality In Media Billboards
Also FatPhil on SoylentNews, id 863
It's a race against the clock... All the Skript Kiddies who read /. settle in against all the sys admins... ready, set, go! Which one's easier to find, the patch, or the 'Sploit? Hurry, hurry!!!
When encryption is outlawed, ?o'AZ-,++o+i++##4AoA+-/-C++bI+/.+~
-Brian
You need to change a single variable declaration in one function and re-make. This is difficult to abuse and simple to correct.
Refer to the article for the patch/change.
-Rusty
The Master (Angelo Rossitto) in Mad Max Beyond Thunderdome, "Not shit, energy!"
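Why that single declaration matters, as an added sketch that is not code from ssh or from any poster in this thread: it is a simplified model of a table-sizing step whose count is kept in a 16-bit versus a 32-bit variable. Only the names HASH_MINSIZE and HASH_ENTRYSIZE and the word16/word32 widths come from the quoted patch; the constant values, the 1.5x sizing factor, BLOCKSIZE and MAX_LEN are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values: the thread shows only the names of the first two. */
#define HASH_ENTRYSIZE 2u
#define HASH_MINSIZE   (8u * 1024u)
#define BLOCKSIZE      8u               /* assumed cipher block size */
#define MAX_LEN        (256u * 1024u)   /* assumed sane packet limit */

/* Grow a power-of-two slot count until it covers 1.5x the block count. */
static uint32_t slots_needed(uint32_t len)
{
    uint32_t l = HASH_MINSIZE / HASH_ENTRYSIZE;      /* 4096 */
    uint32_t want = (len / BLOCKSIZE) * 3u / 2u;
    while (l < want)
        l <<= 2;                                     /* 4096, 16384, 65536, ... */
    return l;
}

/* Pre-patch shape: the count is stored in a 16-bit variable. */
uint16_t table_slots_16(uint32_t len)
{
    return (uint16_t)slots_needed(len);              /* 65536 truncates to 0 */
}

/* Post-patch shape: the count keeps its full width. */
uint32_t table_slots_32(uint32_t len)
{
    return slots_needed(len);
}

/* Index mask derived from the 16-bit count, as a power-of-two table would use. */
uint32_t index_mask_16(uint32_t len)
{
    uint16_t n = table_slots_16(len);
    return (uint16_t)(n - 1);                        /* n == 0 gives 0xFFFF */
}

/* Defensive variant: validate the length before sizing anything. */
int table_slots_checked(uint32_t len, uint32_t *out)
{
    if (len == 0 || len % BLOCKSIZE != 0 || len > MAX_LEN)
        return -1;
    *out = slots_needed(len);
    return 0;
}

int main(void)
{
    uint32_t len = 100000;                           /* constructed input */
    printf("len=%u 16-bit slots=%u mask=0x%X 32-bit slots=%u\n",
           (unsigned)len, (unsigned)table_slots_16(len),
           (unsigned)index_mask_16(len), (unsigned)table_slots_32(len));
    return 0;
}
```

With the 16-bit count the table is sized for zero entries while the index mask still spans 65536 of them, which is the mismatch behind the out-of-bounds writes described in the advisory.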
The "standard" tarball linked under "getting source" on the OpenSSH page is for OpenBSD and does not have a configure script, just an installer.
If you download OpenSSH for a non OpenBSD box, make sure you pick the portable version. (under operating systems click on your operating system, or go to: http://www.openssh.com/portable.html).
-Matt
Script kiddie this, script kiddie that. I'm sick of it. I pay my taxes, I'm balding, I'm in serious debt to MasterCard... I'm a script adult.
there were arguments to switch to openssh before, but never one that was this practical in nature.
the only downside of openssh that i've seen was that it was a pain to figure out which compile-time options i needed. make sure you know exactly how your passwords are stored on your box. once i had that figured out, i liked it better than i ever liked the commercial SSH.
#define F(x) int main(){printf(#x,10,#x);}
F(#define F(x) int main(){printf(#x,10,#x);}%cF(%s))
Je t'aime Stéphanie
Debian 2.2 OpenSSH package has already been fixed. As usual, they have backported the fix to the version of ssh in stable (v1.2.3).
Make sure you have the Debian security sources in /etc/apt/sources.list, then apt-get update && apt-get upgrade.
deb http://security.debian.org/ stable/updates main contrib non-free
deb-src http://security.debian.org/ stable/updates main contrib non-free
/usr/share/doc/ssh/changelog.Debian.gz
openssh (1:1.2.3-9.2) stable; urgency=high
* Non-maintainer upload by Security Team
* Added backported fix for a buffer overflow (thanks to Piotr Roszatycki)
* Added modified build dependencies from unstable for convenience
* Added patch that fixes an rsa key exchange problem made public by CORE SDI.
-- Martin Schulze Thu, 8 Feb 2001 22:15:04 +0100
I'm going to go back in my box and will think within the limits of my box: MS Sucks Linux Good I read too much Slashdot.
What is it with caching contents of a POST method -- netscape picked up its cached version of my previous post...
Last correction: patch < deattack.c.patch using the following text copied into deattack.c.patch
--- deattack.c Wed May 12 12:19:25 1999
+++ deattack.c.orig Fri Feb 9 20:00:21 2001
@@ -79,7 +79,7 @@
detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
{
static word16 *h = (word16 *) NULL;
- static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE;
register word32 i, j;
word32 l;
register unsigned char *c;
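Review bot: The file headers are reversed relative to the content: `--- deattack.c` is the old side and `+++ deattack.c.orig` is the new side, yet the new side carries the fixed `word32` declaration, so the patched result is labelled `.orig`. Regenerate the diff with the untouched copy first (`diff -u deattack.c.orig deattack.c`) so that `patch < deattack.c.patch` selects the intended target file unambiguously and nobody applies it in reverse by mistake.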
Scroogle