SuSE Security Announcement: sshFeb 16, 2001, 19:38 (4 Talkback[s])
(Other stories by Roman Drahtmueller)
Date: Fri, 16 Feb 2001 18:02:43 +0100 (MET)
SuSE Security Announcement Package: ssh Announcement-ID: SuSE-SA:2001:04 Date: Friday, February 16th, 2000 18:00 MET Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0 Vulnerability Type: possible remote root compromise Severity (1-10): 9 SuSE default package: yes, no (openssh is default after SuSE-6.3) Other affected systems: Unix systems with sshd running Content of this advisory: 1) security vulnerability resolved: ssh problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information)
1) problem description, brief discussion, solution, upgrade information
SuSE distributions contain the ssh package in the version 1.2.27. No later version is provided because of licensing issues. SuSE maintains the 1.2.27 version in a patched package. Three new patches have been added that workaround three independent security problems in the ssh package:
a) SSHD-1 Logging Vulnerability (discovered and published by Jose Nazario, Crimelabs). Attackers can remotely brute-force passwords without getting noticed or logged. In the ssh package from the SuSE distribution, root login is allowed, as well as password authentication. Even though brute-forcing a password may take an enormous amount of time and resources, the issue is to be taken seriously.
b) SSH1 session key recovery vulnerability (by (Ariel Waissbein, Agustin Azubel) - CORE SDI, Argentina, and David Bleichenbacher). Captured encrypted ssh traffic can be decrypted with some effort by obtaining the session key for the ssh session. The added patch in our package causes the ssh daemon to generate a new server key pair upon failure of an RSA operation (please note that the patch supplied with Iván Arce on bugtraq on Wed, 7 Feb 2001 has been corrected later on!).
c) In 1998, the ssh-1 protocol was found to be vulnerable to an attack where arbitrary sequences could be inserted into the ssh-1 protocol layer. The attack was called "crc32 compensation attack", and a fix was introduced (crc compensation attack detector in the ssh -v output) into the later versions of ssh. Michal Zalewski discovered that the fix in its most widely used implementation is defective. An integer overflow allows an attacker to overwrite arbitrary memory in the sshd process' address space, which potentionally results in a remote root compromise.
There are easy resorts that can be offered: a) switch to openssh (please use the openssh packages on ftp.suse.com from the same update directories as the ssh package update URLs below indicate). openssh is a different implementation of the ssh protocol that is compatible to the protocol versions 1 and 2. Openssh Version 2.3.0 does not suffer from the problems listed above. Versions before 2.3.0 are vulnerable to other problems, so please use the updates from the update directory on the ftp.suse.de ftp server. See section 2) of this announcement for the md5sums of the packages. b) upgrade your ssh package from the locations described below.
Download the update package from locations desribed below and
install the package with the command `rpm -Uhv file.rpm'. The
md5sum for each file is in the line below. You can verify the
integrity of the rpm files using the command
SPECIAL INSTALL INSTRUCTIONS:
If you run a sshd (secure shell daemon) server on your system, then the daemon process must be restarted for the update package to become active after installation of the update rpm. You can do this easily with the command (ran as root):
kill -15 `cat /var/run/sshd.pid`
After this, you can start the daemon using the command
It should be possible now to log on again to your server as usual. Please consult the syslogs in /var/log if this is not the case. Warning: killing all instances of sshd on a system might render the system inaccessible from remote, especially if secure shell is your only method to access the system. Be careful to not lock yourself out.
Note: The packages on our German ftp server have been built again to correct one of the patches. The package for the 6.1-i386 distribution has finished building a few minutes ago and uses the same name as the build from Wednesday. Use the --force commandline option for the rpm command if you have used the package that was published before the release date of this announcement.
i386 Intel Platform:
AXP Alpha Platform:
PPC Power PC Platform:
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- The openssh package URLs and md5sums:
- Linux kernel upgrade. Several security flaws have been found in the linux-2.2.x kernel versions. The only suitable workaround is to upgrade to a newer kernel version. SuSE provides kernels that have been expanded with several dozen device drivers that are not included in the standard main stream kernel.
While working on the kernel update packages for our distributions, more security problems were discovered. Currently, several persons audit code in the kernel, so that more problems are expected to be discovered in the very near future.
Since kernel updates are very time-consuming on behalf of the system administrator, we decided to not publish a new kernel package each week. Instead, the new kernel packages with all known security bugs fixed will be published by the midth/end of next week.
In the meanwhile, administrators who require immediate updates, please go to ftp.kernel.org (or one of its mirrors, respectively) and get Alan Cox' prepatches for the 2.2.19 version of the Linux kernel. The directory usually is /pub/linux/kernel/people/alan/2.2.19pre, his latest patch is pre-patch-2.2.19-13.gz. This patch fixes all currently publically known security problems in the Linux v2.2 kernel. For those who are not experienced in patching and installing kernels, we recommend to wait for the release of the SuSE Linux kernel update packages.
- From SuSE-SA:2001:03 (bind8): The sparc update packages were pending because of build bottlenecks. The URLs to the update packages and the md5sums are as follows:
- bind: The bind package version 4.x has been found vulnerable to multiple security problems that were discussed and published in public security forums. See http://www.securityfocus.com/templates/advisory.html?id=3051 for more information. SuSE provides update packages for the bind nameserver in version 4 for all distributions and architectures. We also hereby announce that the bind package (bind-4.x; the bind nameserver in version 8 is contained in the bind8 package) will be discontinued in future versions of the SuSE Linux Distribution. We recommend to migrate to bind in the 8.x or 9.x series. There will be a seperate security announcement for the bind (4.x) package by Monday, February 19th 2001. In the meanwhile, get the md5sums from the URL ftp://ftp.suse.de/private/draht/bind4-checksums . It is signed.
- More announcements are following this one. (mysql, tmpfile races, ...) Please read (this) section 2) in the announcements carefully.
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may subscribe:
SuSE's security contact is email@example.com.
- - | Roman Drahtmüller firstname.lastname@example.org // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | -