Hi Folks,
Washington University has a nice analysis of the ssh "crc32" vulnerability at staff.washington.edu/dittrich/misc/ssh-analysis.txt.
I've included a list of the various ssh versions and their vulnerability status. Note: Not all ssh v1 servers are affected. For example, the ssh v1 fallback for OpenSSH_2.3.0 and newer are okay.
You can determine what version you are using by telnetting to the computer in question on port number 22. For example:
telnet somehost.somedomain.com 22
will give you a welcome banner identifying the version of the server. I'm not sure if telnetting like this works on Windoze boxes, you might have to RTFM.
Also, there are good reasons to support ssh v1 as a fallback. Many Windoze ssh clients (TTssh, etc) don't support ssh v2 yet.
This is a serious problem folks, if you have a vulnerable version and you are connected to the Internet, the chances are you will get rOOteD.
Regards, Lew Wolfgang
Version Table from Washington University
'SSH-1.4-1.2.13', 'not affected',
'SSH-1.4-1.2.14', 'not affected',
'SSH-1.4-1.2.15', 'not affected',
'SSH-1.4-1.2.16', 'not affected',
'SSH-1.5-1.2.17', 'not affected',
'SSH-1.5-1.2.18', 'not affected',
'SSH-1.5-1.2.19', 'not affected',
'SSH-1.5-1.2.20', 'not affected',
'SSH-1.5-1.2.21', 'not affected',
'SSH-1.5-1.2.22', 'not affected',
'SSH-1.5-1.2.23', 'not affected',
'SSH-1.5-1.2.24', 'affected',
'SSH-1.5-1.2.25', 'affected',
'SSH-1.5-1.2.26', 'affected',
'SSH-1.5-1.2.27', 'affected',
'SSH-1.5-1.2.28', 'affected',
'SSH-1.5-1.2.29', 'affected',
'SSH-1.5-1.2.30', 'affected',
'SSH-1.5-1.2.31', 'affected',
'SSH-1.5-1.2.31a', 'not affected', # Custom version post-CORE advisory
'SSH-1.5-1.2.32', 'not affected',
'SSH-1.5-1.3.6', 'affected',
'SSH-1.5-1.3.7', 'affected',
'SSH-1.5-1.3.8', 'affected',
'SSH-1.5-1.3.9', 'affected',
'SSH-1.5-1.3.10', 'affected', # F-Secure SSH versions prior to 1.3.11-2
'SSH-1.5-Cisco-1.25', 'unknown',
'SSH-1.5-OSU_1.5alpha1', 'unknown',
'SSH-1.5-OpenSSH-1.2', 'affected',
'SSH-1.5-OpenSSH-1.2.1', 'affected',
'SSH-1.5-OpenSSH-1.2.2', 'affected',
'SSH-1.5-OpenSSH-1.2.3', 'affected',
'SSH-1.5-OpenSSH_2.5.1', 'not affected',
'SSH-1.5-OpenSSH_2.5.1p1', 'not affected',
'SSH-1.5-OpenSSH_2.9p1', 'not affected',
'SSH-1.5-OpenSSH_2.9p2', 'not affected',
'SSH-1.5-RemotelyAnywhere', 'not affected',
'SSH-1.99-2.0.11', 'affected w/Version 1 fallback',
'SSH-1.99-2.0.12', 'affected w/Version 1 fallback',
'SSH-1.99-2.0.13', 'affected w/Version 1 fallback',
'SSH-1.99-2.1.0.pl2', 'affected w/Version 1 fallback',
'SSH-1.99-2.1.0', 'affected w/Version 1 fallback',
'SSH-1.99-2.2.0', 'affected w/Version 1 fallback',
'SSH-1.99-2.3.0', 'affected w/Version 1 fallback',
'SSH-1.99-2.4.0', 'affected w/Version 1 fallback',
'SSH-1.99-3.0.0', 'affected w/Version 1 fallback',
'SSH-1.99-3.0.1', 'affected w/Version 1 fallback',
'SSH-1.5-OpenSSH-2.1', 'affected',
'SSH-1.5-OpenSSH_2.1.1', 'affected',
'SSH-1.5-OpenSSH_2.2.0', 'affected',
'SSH-1.5-OpenSSH_2.2.0p1', 'affected',
'SSH-1.5-OpenSSH_2.3.0', 'not affected',
'SSH-1.5-OpenSSH_2.3.0p1', 'not affected',
'SSH-1.5-OpenSSH_2.5.1', 'not affected',
'SSH-1.5-OpenSSH_2.5.1p1', 'not affected',
'SSH-1.5-OpenSSH_2.5.1p2', 'not affected',
'SSH-1.5-OpenSSH_2.5.2p2', 'not affected',
'SSH-1.5-OpenSSH_2.9.9p2', 'not affected',
'SSH-1.5-OpenSSH_2.9', 'not affected',
'SSH-1.5-OpenSSH_2.9p1', 'not affected',
'SSH-1.5-OpenSSH_2.9p2', 'not affected',
'SSH-1.5-OpenSSH_3.0p1', 'not affected',
'SSH-1.5-OpenSSH-2.1', 'affected',
'SSH-1.99-OpenSSH_2.1.1', 'affected',
'SSH-1.99-OpenSSH_2.2.0', 'affected',
'SSH-1.99-OpenSSH_2.2.0p1', 'affected',
'SSH-1.99-OpenSSH_2.3.0', 'not affected',
'SSH-1.99-OpenSSH_2.3.0p1', 'not affected',
'SSH-1.99-OpenSSH_2.5.1', 'not affected',
'SSH-1.99-OpenSSH_2.5.1p1', 'not affected',
'SSH-1.99-OpenSSH_2.5.1p2', 'not affected',
'SSH-1.99-OpenSSH_2.5.2p2', 'not affected',
'SSH-1.99-OpenSSH_2.9.9p2', 'not affected',
'SSH-1.99-OpenSSH_2.9', 'not affected',
'SSH-1.99-OpenSSH_2.9p1', 'not affected',
'SSH-1.99-OpenSSH_2.9p2', 'not affected',
'SSH-1.99-OpenSSH_3.0p1', 'not affected',
Hi together,
Hi Folks,
Washington University has a nice analysis of the ssh "crc32" vulnerability at staff.washington.edu/dittrich/misc/ssh-analysis.txt.
I've included a list of the various ssh versions and their vulnerability status. Note: Not all ssh v1 servers are affected. For example, the ssh v1 fallback for OpenSSH_2.3.0 and newer are okay.
You can determine what version you are using by telnetting to the computer in question on port number 22. For example:
telnet somehost.somedomain.com 22
will give you a welcome banner identifying the version of the server. I'm not sure if telnetting like this works on Windoze boxes, you might have to RTFM.
Also, there are good reasons to support ssh v1 as a fallback. Many Windoze ssh clients (TTssh, etc) don't support ssh v2 yet.
This is a serious problem folks, if you have a vulnerable version and you are connected to the Internet, the chances are you will get rOOteD.
Regards, Lew Wolfgang
Version Table from Washington University
I guess that this is not really all of the truth.
There are two bugs:
1) the crc-32 compensation attack
2) the attack against the faulty fix for the crc-32 compensation attack
Exploitation against 1) is non-trivial, is a man-in-the-middle-attack and
will not necessarily result in a full remote compromise.
Exploitation against 2) is non-trivial as well, but it is an attack that
anyone can launch, without being in the middle of an already existing
connection. We know that this bug is being actively exploited on the
internet.
The fix against bug 2):
http://www.suse.de/de/support/security/adv004_ssh.txt
available since Feb 16 2001.
Now, Lew, could you please explain me what this list below is supposed to
do?
Thanks,
Roman.
--
| Roman Drahtmüller
Hi Roman,
My congratulations to SuSE for jumping on the problem last February, and thanks for your further explanation.
As for that list of ssh versions, I think that was taken from one of the attack scripts. The attackers are logging onto port 22 to see if the host is vulnerable, matching the given banner string with this list.
Regards, Lew Wolfgang
On Wed, 21 Nov 2001, Roman Drahtmueller wrote:
I guess that this is not really all of the truth.
There are two bugs:
1) the crc-32 compensation attack
2) the attack against the faulty fix for the crc-32 compensation attack
Exploitation against 1) is non-trivial, is a man-in-the-middle-attack and will not necessarily result in a full remote compromise.
Exploitation against 2) is non-trivial as well, but it is an attack that anyone can launch, without being in the middle of an already existing connection. We know that this bug is being actively exploited on the internet.
The fix against bug 2):
http://www.suse.de/de/support/security/adv004_ssh.txt available since Feb 16 2001.
Now, Lew, could you please explain me what this list below is supposed to do?
Hi Wolfgang,
Hi Roman,
My congratulations to SuSE for jumping on the problem last February, and thanks for your further explanation.
As for that list of ssh versions, I think that was taken from one of the attack scripts. The attackers are logging onto port 22 to see if the host is vulnerable, matching the given banner string with this list.
Well, I thought of that already, but the version string that is written to the network socket in plain text does not really qualify for a vulnerability check. It's a check to _exclude_ that a specific implementation is vulnerable, but the opposite is clearly not true. We've seen reports where CERT are scanning large parts of the internet and warning users about the problem, but, apparently, without knowing what the remote analysis of the protocol version means.
Regards, Lew Wolfgang
Roman.
--
| Roman Drahtmüller
Well for one thing it made it Real easy to check all my boxes against the list and find an old Mandrake machine that was vulnerable. None of my suse boxes or turbolinux boxes were. Thanks for the list Lew.
On Wednesday 21 November 2001 09:13 am, Roman Drahtmueller wrote:
Now, Lew, could you please explain me what this list below is supposed to do?
-- J.Andersen
Also, there are good reasons to support ssh v1 as a fallback. Many Windoze ssh clients (TTssh, etc) don't support ssh v2 yet.
This is a serious problem folks, if you have a vulnerable version and you are connected to the Internet, the chances are you will get rOOteD.
Regards, Lew Wolfgang
What good reason is good enough to get rOOteD? Choose putty e.g. instead of TTssh.
-- Protocol 2,1
++ Protocol 2
http://www.chiark.greenend.org.uk/~sgtatham/putty/
hEhO Michael
On Wed, 21 Nov 2001, Lewis E. Wolfgang wrote:
hi,
Hi Folks,
Washington University has a nice analysis of the ssh "crc32" vulnerability at staff.washington.edu/dittrich/misc/ssh-analysis.txt.
I've included a list of the various ssh versions and their vulnerability status. Note: Not all ssh v1 servers are affected. For example, the ssh v1 fallback for OpenSSH_2.3.0 and newer are okay.
You can determine what version you are using by telnetting to the computer in question on port number 22. For example:
telnet somehost.somedomain.com 22
This is not correct. Some fixed sshd's still welcome the client with the old banner. There's no way to see whether or not the remote sshd is vulnerable to crc32 overflow by just looking at the banner.
will give you a welcome banner identifying the version of the server. I'm not sure if telnetting like this works on Windoze boxes, you might have to RTFM.
Also, there are good reasons to support ssh v1 as a fallback. Many Windoze ssh clients (TTssh, etc) don't support ssh v2 yet.
This is a serious problem folks, if you have a vulnerable version and you are connected to the Internet, the chances are you will get rOOteD.
Regards, Lew Wolfgang
Version Table from Washington University
'SSH-1.4-1.2.13', 'not affected',
'SSH-1.4-1.2.14', 'not affected',
'SSH-1.4-1.2.15', 'not affected',
'SSH-1.4-1.2.16', 'not affected',
'SSH-1.5-1.2.17', 'not affected',
'SSH-1.5-1.2.18', 'not affected',
'SSH-1.5-1.2.19', 'not affected',
'SSH-1.5-1.2.20', 'not affected',
'SSH-1.5-1.2.21', 'not affected',
'SSH-1.5-1.2.22', 'not affected',
'SSH-1.5-1.2.23', 'not affected',
'SSH-1.5-1.2.24', 'affected',
'SSH-1.5-1.2.25', 'affected',
'SSH-1.5-1.2.26', 'affected',
'SSH-1.5-1.2.27', 'affected',
This for example. The fixed version still says it's SSH-1.5-1.2.27.
Sebastian
--
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@suse.de - SuSE Security Team
On Thu, 22 Nov 2001, Sebastian Krahmer wrote:
This is not correct. Some fixed sshd's still welcome the client with the old banner. Theres no way to see whether or not the remote sshd is vulnerable to crc32 overflow by just looking at the banner.
Hi Sebastian,
While you are technically correct, looking at the banner is what the black-hats are doing to determine if they should spend more time on you. It's also what large organizations are scanning for to try to gauge their level of vulnerability.
I agree that you can get in trouble for depending only on this data. For example, some of the crackers will replace the sshd1 binary with one of their own that identifies itself as SSH-1.5-1.2.32, but still has a backdoor for them to easily regain access. Please note that they will try to disguise their handiwork by changing the mtime of the binary to match the rest of your ssh system. Thus, if there is any doubt at all about your vulnerability, you should reload your ssh package from known-good sources. Even then it might be too late if you were hacked and other backdoors were installed before you updated your ssh.
Please understand, I'm not picking on SuSE. You guys have done a great job and were on top of this problem right from the start. It's just that many older installations that didn't include a vendor packaged ssh are still out there. Many of them have been hacked by now and don't even know it. This affects not only Linux, but Sun Solaris too. Maybe more.
Probably, the best thing for most folks to do is to upgrade their entire distribution(s), there are other vulnerabilities that are worth worrying about too.
Regards, Lew Wolfgang
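An added example, written for this page and not code from any of the posters: a Python banner-triage helper that parses the identification string the telnet check at the top of the thread returns, looks it up in a subset of Lew's list, and reports what a match can and cannot establish, following the points Roman, Sebastian and Lew make in the replies (the string is self-reported, patched builds may keep the old banner, 1.99 servers are only exposed through v1 fallback). VERSION_TABLE is a constructed subset of the list in the original post, and grab_banner is an assumed helper.

```python
import re
import socket

# Subset of the version list posted in the thread, keyed by the exact
# identification string the server sends (constructed subset for this example;
# the full list is in the original post).
VERSION_TABLE = {
    "SSH-1.5-1.2.23": "not affected",
    "SSH-1.5-1.2.27": "affected",
    "SSH-1.5-1.2.32": "not affected",
    "SSH-1.5-1.3.10": "affected",
    "SSH-1.5-Cisco-1.25": "unknown",
    "SSH-1.5-OpenSSH-1.2.3": "affected",
    "SSH-1.5-OpenSSH_2.3.0": "not affected",
    "SSH-1.99-2.4.0": "affected w/Version 1 fallback",
    "SSH-1.99-OpenSSH_2.2.0p1": "affected",
    "SSH-1.99-OpenSSH_2.9p2": "not affected",
}

# SSH identification string: "SSH-protoversion-softwareversion [comments]".
# softwareversion may itself contain dashes (e.g. OpenSSH-1.2.3), so only the
# first two dashes are structural; comments start at the first whitespace.
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

def parse_banner(raw):
    """Return (protoversion, softwareversion, table_key) or None if malformed."""
    m = BANNER_RE.match(raw)
    if not m:
        return None
    proto, software = m.group(1), m.group(2)
    return proto, software, "SSH-%s-%s" % (proto, software)

def triage(raw):
    """Classify a banner against the list, but report what the match can and
    cannot prove: the string is self-reported, patched builds may keep the old
    version string, and 1.99 servers are only exposed through v1 fallback."""
    parsed = parse_banner(raw)
    if parsed is None:
        return "malformed", "not an SSH identification string"
    proto, software, key = parsed
    status = VERSION_TABLE.get(key, "unknown")
    if status == "affected":
        return "investigate", "listed as vulnerable; a patched build may still announce this version, verify the installed package"
    if status == "affected w/Version 1 fallback":
        return "investigate", "exposed only if protocol 1 fallback is enabled; set Protocol 2 or verify the package"
    if status == "not affected":
        return "exclude", "claims a fixed version; the banner is self-reported, confirm the binary against a known-good package"
    return "unknown", "version %s (protocol %s) is not in the list" % (software, proto)

def grab_banner(host, port=22, timeout=5.0):
    """Read the identification string as the telnet check in the thread shows it."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).decode("ascii", "replace")
```

grab_banner(host) feeds triage() for an inventory pass over your own hosts; an "exclude" verdict is only as trustworthy as the binary that printed the banner.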