Bugtraq: SSH Vulnerability Scan (and ScanSSH tool) | Linux Today

Bugtraq: SSH Vulnerability Scan (and ScanSSH tool)

Written By
Web Webster
Web Webster
Dec 6, 2001
From:   Niels Provos 
Subject:        SSH Vulnerability Scan
Date:   03 Dec 2001 15:53:22 -0500      
SSH Vulnerability Scan
Vulnerability to CRC32 compensation attack detector exploit
-----------------------------------------------------------

In February 2001, Razor Bindview released their "Remote vulnerability
in SSH daemon crc32 compensation attack detector" advisory, which
outlined a gaping hole in deployed SSH servers that can lead to a
remote attacker gaining privileged access:

        http://razor.bindview.com/publish/advisories/adv_ssh1crc.html

In November 2001, Dave Dittrich published a detailed analysis of the
"CRC32 compensation attack detector exploit."  This exploit is
currently widely in use.  CERT released Incident Note IN-2001-12:

        http://staff.washington.edu/dittrich/misc/ssh-analysis.txt
        http://www.cert.org/incident_notes/IN-2001-12.html

At the Center for Information Technology Integration, Niels Provos and
Peter Honeyman have been scanning the University of Michigan for
vulnerable SSH server software to identify and update vulnerable SSH
servers:

        http://www.citi.umich.edu/ssh/

However, scans of the Internet show that system and security
administrators must react and update their SSH servers:

        http://www.citi.umich.edu/u/provos/ssh/crc32s.png

At this writing, over 30% of all SSH servers appear to have the
CRC32 bug.
                        
A simple solution is to remove support for Version One of the SSH
protocol.  The majority of servers on the Internet support the SSH v2
protocol.

To test whether your network has vulnerable SSH servers, you might
use the ScanSSH tool:

        http://www.monkey.org/~provos/scanssh/

References:
                 
"ScanSSH - Scanning the Internet for SSH Servers",
  Niels Provos and Peter Honeyman, 16th USENIX Systems Administration
  Conference (LISA). San Diego, CA, December 2001.
  http://www.citi.umich.edu/techreports/reports/citi-tr-01-13.pdf
        
This information is also available at

  http://www.citi.umich.edu/u/provos/ssh/           

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.