The Cert Co-ordination Centre is warning users about a
serious security vulnerability affecting many leading Unix and Linux
operating systems. The flaw, in OpenSSH (Secure Shell), could enable
a remote attacker to run malicious code or launch a
denial-of-service attack against machines running the popular suite
of secure network connectivity tools.
In addition to Unix and Linux operating
systems that ship with OpenSSH, some hardware devices, such as
network routers and switches, use the popular package.
They too will need to be patched, according to
Dan Ingevaldson, engineering manager of Internet Security Systems'
(ISS's) X-Force security group. Administrators can find out which
version a host has installed by running ssh -V, and an SSH server
announces its version string in the banner it sends when a client
connects, so exposed servers can be checked from the network side too.
OpenSSH is a common tool used by network
administrators to log in to remote systems and hardware devices,
replacing earlier tools such as telnet and rlogin
(remote login) that sent everything, passwords included, back and
forth in unencrypted form.
The flaw lies in the buffer
management code of OpenSSH versions before 3.7 and
could allow remote attackers to trigger a buffer
overflow on vulnerable machines, according to a Cert advisory.
Attackers would need to modify certain OpenSSH
parameters and send extra-large SSH data packets, perhaps larger
than 10 Mbytes, to vulnerable machines to create the buffer
overflow, Ingevaldson said.
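As an added illustration (this example is mine, not code from the article, from OpenSSH or from ISS), the following C models the kind of buffer-management mistake described above: a growable buffer's recorded size is bumped before the size limit is checked and before the reallocation happens, so when an over-large request is rejected the buffer believes it owns more memory than it really does, and any error-path cleanup that wipes or copies "alloc" bytes would write past the end of the real heap block. Beside it is the corrected form, which computes the new size in a local variable and commits it to the structure only after the reallocation has succeeded. The struct layout, the helper names, and the 1 Mbyte per-append and 10 Mbyte total limits (chosen to echo the 10 Mbyte figure quoted above) are this example's own assumptions, not OpenSSH's actual code; the harness measures the overrun instead of performing it, so it runs safely.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limits for this example only, echoing the article's 10 Mbyte figure. */
#define MAX_APPEND  0x100000u   /* 1 MiB: largest single append accepted */
#define MAX_ALLOC   0xa00000u   /* 10 MiB: largest total buffer accepted */
#define GROW_SLACK  32768u      /* extra room added on each grow */

typedef struct {
    unsigned char *buf;
    size_t offset;  /* first unread byte */
    size_t end;     /* one past the last byte written */
    size_t alloc;   /* size the buffer *believes* it owns */
    size_t real;    /* size actually obtained from the allocator (bookkeeping for the check) */
} buf_t;

static void buf_init(buf_t *b) {
    memset(b, 0, sizeof *b);
    b->alloc = b->real = 4096;
    b->buf = calloc(1, b->alloc);
}

static void buf_free(buf_t *b) {
    free(b->buf);
    memset(b, 0, sizeof *b);
}

/* Vulnerable pattern: alloc is updated before the limit check and before
 * realloc(), so on the rejection path it no longer matches the memory the
 * buffer actually owns.  Returns 0 on success, -1 when the request is
 * rejected (standing in for a fatal-error exit). */
static int append_space_vuln(buf_t *b, size_t len) {
    if (len > MAX_APPEND) return -1;
    if (b->end + len < b->alloc) { b->end += len; return 0; }
    b->alloc += len + GROW_SLACK;           /* bookkeeping changed first ... */
    if (b->alloc > MAX_ALLOC) return -1;    /* ... then rejected: alloc is now a lie */
    unsigned char *p = realloc(b->buf, b->alloc);
    if (p == NULL) return -1;
    b->buf = p;
    b->real = b->alloc;
    b->end += len;
    return 0;
}

/* Hardened pattern: compute the new size locally, validate it, reallocate,
 * and only then commit the new size to the structure. */
static int append_space_fixed(buf_t *b, size_t len) {
    if (len > MAX_APPEND) return -1;
    if (b->end + len < b->alloc) { b->end += len; return 0; }
    size_t newlen = b->alloc + len + GROW_SLACK;
    if (newlen > MAX_ALLOC) return -1;      /* nothing in *b has changed */
    unsigned char *p = realloc(b->buf, newlen);
    if (p == NULL) return -1;
    b->buf = p;
    b->alloc = b->real = newlen;
    b->end += len;
    return 0;
}

/* Bytes an error-path cleanup such as memset(buf, 0, alloc) would write
 * beyond the real allocation.  Non-zero means heap corruption. */
static size_t cleanup_overrun(const buf_t *b) {
    return b->alloc > b->real ? b->alloc - b->real : 0;
}

/* Constructed input: feed 1 MiB appends until the grow step trips the cap,
 * then report how far a cleanup would overrun for the given implementation. */
static size_t overrun_after_flood(int (*append)(buf_t *, size_t)) {
    buf_t b;
    buf_init(&b);
    while (append(&b, MAX_APPEND) == 0) { }
    size_t over = cleanup_overrun(&b);
    buf_free(&b);
    return over;
}

int main(void) {
    printf("vulnerable: cleanup would overrun by %zu bytes\n",
           overrun_after_flood(append_space_vuln));
    printf("fixed:      cleanup would overrun by %zu bytes\n",
           overrun_after_flood(append_space_fixed));
    return 0;
}
```

Compiled stand-alone, the program reports an overrun of just over 1 Mbyte for the vulnerable pattern and zero for the fixed one. The general lesson is the ordering: validate, allocate, and only then update the bookkeeping; an error path that runs between an updated size field and a failed or rejected allocation is exactly where this class of bug lives.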
ISS recently discovered the problem and was
researching it internally.
However, the company's work was pre-empted by
others on the internet who had also discovered the flaw and began
discussing it on public security newsgroups. That prompted ISS to
issue its warning and contact the OpenBSD project, which maintains
OpenSSH, about the problem.
ISS has not developed and does not know of any
software code that takes advantage of the new flaw, but the
popularity of OpenSSH makes the vulnerability attractive to
malicious hackers.
The OpenBSD project's security advisory and the fixed
release, version 3.7.1, can be found at
http://www.openssh.com/txt/buffer.adv
Paul Roberts writes for IDG News Service