Cert warns of Unix and Linux vulnerability

The Cert Co-ordination Centre is warning users about a serious security vulnerability in many leading Unix and Linux operating...

The Cert Co-ordination Centre is warning users about a serious security vulnerability in many leading Unix and Linux operating systems.

A flaw in the OpenSSH (Secure Shell) that could enable a remote attacker to run malicious code or launch a denial-of-service attack against machines running the popular suite of secure network connectivity tools.

In addition to Unix and Linux operating systems that ship with OpenSSH, some hardware devices, such as network routers and switches, use the popular package.

They too will need to be patched, according to Dan Ingevaldson, engineering manager of Internet Security Systems' (ISS's) X-Force security group.

OpenSSH is a common tool used by network administrators to communicate remotely with hardware devices, replacing earlier communications tools such as telnet and rlogin (remote login) that sent communications back and forth in an unencrypted form.

The exploitable flaw is in the buffer management function of OpenSSH software before version 3.7 and could make it possible for remote attackers to cause a buffer overflow on vulnerable machines, according to a Cert advisory.

Attackers would need to modify certain OpenSSH parameters and send extra large SSH data packets, perhaps larger than 10Mbytes, to vulnerable machines to create the buffer overflow, Ingevaldson said.

ISS recently discovered the problem and was researching it internally.

However, the company's work was pre-empted by others on the internet who had also discovered the flaw and began discussing it on public security news groups. That prompted ISS to issue its warning and contact the OpenBSD project, which manages OpenSSH, about the problem.

ISS has not developed and does not know of any software code that takes advantage of the new flaw, but the popularity of OpenSSH makes the vulnerability attractive to malicious hackers.

The OpenBSD project security alert and a new version, 3.7.1, can be found at http://www.openssh.com/txt/buffer.adv

Paul Roberts writes for IDG News Service

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.