CERT warns of SSH protocol flaws

Users of the Secure Shell protocol (SSH) should update their software following the discovery of a series of flaws that could compromise security.

SSH is a protocol found on most major operating systems including Windows and Unix.

The warning comes from CERT (Computer Emergency Response Team) Co-ordination Centre, the authoritative security advisory service run by Carnegie Mellon University in the US.

SSH has been plagued by problems, with the latest difficulties concerning the way software handles communications data.

The advisory describes multiple vulnerabilities in SSH implementations that include "buffer overflows", in which a program or a process used by a program is forced to store more data in a buffer (a temporary data storage area) than it was intended to hold.

Problems were also identified with the way that many SSH transport layer protocol implementations handle data elements with incorrect length specifiers, lists of data containing empty elements, and strings of characters containing "null" or empty characters.
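
The length-specifier, empty-element and null-character cases described above, seen from the defender's side in an added example (not code from CERT or from any vendor named in this article): a C parser for the SSH `string` and `name-list` wire types that validates each field before using it. The function, constant and sample names are this example's own; the wire layout (a 4-byte big-endian length followed by the data, with names separated by commas) is the one defined by the SSH protocol specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result codes; the names are this example's own. */
enum { SSH_OK = 0, SSH_TRUNCATED = -1, SSH_BAD_LENGTH = -2,
       SSH_EMPTY_NAME = -3, SSH_EMBEDDED_NUL = -4 };

/* Read an SSH "string": 4-byte big-endian length, then that many bytes.
 * The claimed length is checked against the bytes left before it is used. */
static int ssh_get_string(const uint8_t *pkt, size_t pkt_len, size_t *off,
                          const uint8_t **out, uint32_t *out_len)
{
    if (*off > pkt_len || pkt_len - *off < 4)
        return SSH_TRUNCATED;
    const uint8_t *p = pkt + *off;
    uint32_t n = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    if (n > pkt_len - *off - 4)   /* subtraction form cannot wrap */
        return SSH_BAD_LENGTH;
    *out = p + 4;
    *out_len = n;
    *off += 4 + (size_t)n;
    return SSH_OK;
}

/* Parse one name-list at *off; rejects NUL bytes and empty names. */
int ssh_parse_name_list(const uint8_t *pkt, size_t pkt_len, size_t *off)
{
    const uint8_t *s;
    uint32_t n;
    size_t start = 0;
    int rc = ssh_get_string(pkt, pkt_len, off, &s, &n);
    if (rc != SSH_OK) return rc;
    if (memchr(s, 0, n) != NULL)
        return SSH_EMBEDDED_NUL;
    for (size_t i = 0; n != 0 && i <= n; i++) {  /* zero-length list is valid */
        if (i == n || s[i] == ',') {
            if (i == start)
                return SSH_EMPTY_NAME;
            start = i + 1;
        }
    }
    return SSH_OK;
}

/* Constructed samples: a valid list, and one whose length field lies. */
const uint8_t SAMPLE_OK[]  = { 0, 0, 0, 7, 'a','e','s',',','d','e','s' };
const uint8_t SAMPLE_LIE[] = { 0, 0, 1, 0, 'a','e','s' };
```

On any error the offset is left where it was, so the caller can drop the packet without having consumed or copied attacker-sized data.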

These flaws could enable remote attackers to crash the SSH client or server application - a denial of service attack - or place and execute code on the machine running the vulnerable software.

Because SSH servers run with system or root-level privileges on both Windows and Unix systems, attackers exploiting SSH server vulnerabilities would be able to take advantage of those elevated privileges when carrying out their attack.

In most cases, however, attackers exploiting the vulnerabilities on SSH clients would only inherit the permission level of the user who started the client application, CERT said.

Some leading vendors, including Cisco and NetScreen Technologies, said their products did not contain the transport layer protocol vulnerabilities.

SSH products containing the vulnerabilities include some versions of SecureShell by Pragma Systems, SecureNetTerm by Intersoft International and SSH products by F-Secure.

These and other vendors with vulnerable products have issued information on obtaining software upgrades or patches that close the security holes.

CERT recommended applying the appropriate patch or software upgrade provided by your software vendor to remove the SSH vulnerabilities.

In the absence of a software fix, customers can use firewalls or packet filtering systems to limit access to SSH servers, while limiting SSH clients to connections with trusted SSH servers by IP (Internet Protocol) address, according to CERT.
