[135] in Best-of-Security
BoS: Advisory on SSH security
daemon@ATHENA.MIT.EDU (Huge Cajones Remailer)
Thu May 1 22:09:47 1997
Date: Wed, 30 Apr 1997 14:17:36 -0700
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Reply-To: best-of-security@suburbia.net
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
The SSH Quality Control team has found security flaws in SSH protocol.
Some of the flaws are serious.
We are strongly committed for the security of our technology and perform
continuous testing and code analysis of our products. Due to this on going
project we have unearthed several security problems of different degrees
of seriousness in the SSH protocol and implementation. We always announce
the security problems to the general public, but provide the information
to our registered users first along with the security fix.
The bugs concern only SSH protocol version 1.5 implemented in SSH server
version 1.2.17. Later versions of the server or applications that use
version 2 of the SSH protocol are not affected by the bugs. Version 2 of
the protocol is under development and first implementations should be
ready by the end of June.
This report has been sent in advance to you so that you can upgrade your
servers well before the public announcement. The bugs will be made public
as a CERT Advisory in the beginning of June after we get the commercial
version 1.3 shipping. We are just doing final tests on 1.3 and expect it to
be released in next two weeks. The exact differences between the commercial
and non-commercial versions will be announced when we release the
commercial 1.3 version.
Before we release version 1.3 of the server you can use version 1.2.20
instead. The latest test version of the non-commercial ssh UNIX
distribution is available from ftp.partner.datafellows.com at the
ftp/partner/f-secure/products/beta/ssh directory. The file is named:
ssh-1.2.20.tar.gz
Below is the CERT advisory that will be published in June. Note that you
can not download server version 1.2.20 or newer from our web site yet even
if it is mentioned in chapter III of the advisory. Version 1.3 of the
server will be available on our web site when we publish the advisory.
I. Description
Some security flaws have been found in both the SSH protocol and
its implementation in SSH server version 1.2.17.
II. Impact
An attacker with the ability to do active network-level attacks can
compromise the security of a number of aspects of the SSH protocol as
implemented in SSH-1.2.17. While some of the attacks are fairly serious,
even in the worst case security is still better than with rlogin or
telnet. Being able to succeed in breaking SSH security requires intimate
knowledge of the protocol and the implementation, access to a large amount
of processing power and expertise in TCP/IP networking.
III. Solution
The known vulnerabilities can be avoided by updating the SSH server to
version 1.2.20 or later. The server can be obtained from
http://www.Europe.DataFellows.com/f-secure/ssh/download.htm or the ftp
sites listed at http://www.cs.hut.fi/ssh/. The client software does not
need to be updated.
