Date: 03 November 1998
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
A U S C E R T A L E R T
AL-98.03 -- AUSCERT ALERT
Potential Vulnerability in ssh 1.2.26 (update)
30 October 1998
Last Revised: 3 November 1998
===========================================================================
PROBLEM:
On 30 October 1998 we reported a potential vulnerability in the server
for the latest freely available version of ssh (1.2.26). ssh is a
tool that allows users to make encrypted remote connections using
strong authentication.
One of the attacks leading to that alert has been publicly
documented:
http://www.news.com/News/Item/0,4,28043,00.html
The vendor of this version of ssh has examined the code and has
been unable to establish, at this stage, the existence of a
vulnerability. The vendor has created a web page to provide
updates on this topic:
http://www.ssh.fi/sshprotocols2/rootshell.html
SOLUTION:
AusCERT encourages sites to maintain an awareness of this issue by
monitoring the vendor's web site.
Sites choosing to allow incoming connections are encouraged to ensure
that they only allow connections from a controlled set of sources.
For example, sites may choose to do this by applying appropriate
filters at boundary routers and firewalls, or by investigating the
use of tools such as tcp_wrappers. Further, we encourage sites to
monitor incoming traffic according to their local policies and
procedures, and respond appropriately to any suspicious incoming ssh
connections.
We will continue to monitor this situation and post another alert
should any further information be confirmed.
- ---------------------------------------------------------------------------
AusCERT issues an alert when the risk posed by a vulnerability that may
not have been thoroughly investigated and for which a work-around or fix
may not yet have been developed requires notification.
The AusCERT team has made every effort to ensure that the information
contained in this document is accurate at the time of publication. However,
the decision to use the information described is the responsibility of
each user or organisation. The appropriateness of this document for an
organisation or individual system should be considered before application
in conjunction with local policies and procedures. AusCERT takes no
responsibility for the consequences of applying the contents of this
document.
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
AusCERT maintains an anonymous FTP service which is found on:
ftp://ftp.auscert.org.au/pub/. This archive contains past SERT
and AusCERT Advisories, and other computer security information.
AusCERT maintains a World Wide Web service which is found on:
http://www.auscert.org.au/.
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business
hours which are GMT+10:00 (AEST). On call
after hours for emergencies.
Postal: Australian Computer Emergency Response Team
Prentice Centre
The University of Queensland
Brisbane
Qld. 4072.
AUSTRALIA
===========================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBNmUx+Ch9+71yA2DNAQE1KgQAkSNNQS3dI1Sp5eXF8NRfB7xMszGRufKT
aCqRTkttsqvDoXX80yHt+YGRNG1+x1oD6J0LBVTjkMvJ+WzPsjCKH0YrBEdr0vWF
U6NwUjhP1fWQKHwuCPAuWa5YdzQrY+WMDB3zCotlxWa/CAP7+bUNMmDK7QJt77QP
4EQMLUgQdIg=
=EzsP
-----END PGP SIGNATURE-----
|