Tatu Ylonen (ylo@ssh.fi)
Mon, 2 Nov 1998 10:33:29 +0200 (EET)
-----BEGIN PGP SIGNED MESSAGE-----
As the original author of SSH I want to comment on the rumored
vulnerabilities.
I have personally looked into the claimed vulnerabilities, including
the ones reported by IBM, and do not have any reason to assume that
there would be any vulnerability in ssh-1.2.26. NO SUCH VULNERABILITY
IS KNOWN.
I repeat, I KNOW OF NO VULNERABILITY IN SSH-1.2.26.
The IBM-ERS report on the ssh vulnerability turned out to be a false alert.
They could not reproduce it after they recompiled their ssh and linux
kernel.
I have personally checked all places where ssh displays debugging
messages, log messages, or otherwise uses functions like sprintf. I
was unable to find any vulnerabilities.
I have talked to people at both CERT and the IBM emergency response
service and none of them seems to have any knowledge of any
vulnerability in SSH.
In summary, to my best knowledge, ssh-1.2.26 can be safely used.
Please communicate this information to the relevant people.
Brief history of events:
- On October 28, the rootshell.com home page was defaced by
hackers. After the host was brought up to date, their front page
contained information that listed the services that had been
active, and mentioned that entry may have been made with ssh.
(Note that this does not by itself indicate anything; password or
other authentication may have been obtained at the other end)
- On October 29, a message about the rootshell case is posted to
bugtraq and possibly other mailing lists. Many people took this
as indication of a vulnerability in ssh.
- We looked at the rootshell case, and found no cause for alarm, but
decided to keep watching.
- On October 30, IBM sent a draft advisory reporting a buffer overflow
vulnerability that could be used to gain root access to any host
running ssh from anywhere on the Internet. The draft advisory was
sent to at least CERT, FIRST, ssh-bugs, and a few other places.
- On October 30, several major computer manufacturers and their
offices around the world were advising their customers to follow
the situation, and possibly disable ssh for now. Some CERTs
around the world issued preliminary alerts to their most important
sites.
- I learn of the IBM advisory on October 31 at 2 AM. By 6 AM I've
talked to both CERT and IBM Emergency Response Team, checked the
code claimed to be at fault (finding no problem), and no-one seems
to have any concrete information, and we conclude there is no
cause for immediate alarm.
- By November 1, the IBM researchers who found the vulnerability in
the IBM draft advisory have been reached. One of them says he
never saw an exploit, and the other first said he had an exploit
and he was going to send it over shortly, and the next day he said
that he could no longer reproduce the problem after recompiling
ssh. He does not appear to have an exploit after all.
- I've personally gone through all places where ssh1 passes
information to sprintf, log_msg, or any other functions using
sprintf. I found no security problems. I found one place where
an argument to a format string was missing, but it is probably not
exploitable, and one place where one byte less was allocated for a
string than was used (only appears on Solaris). Neither of these
has security consequences or is cause for alarm.
- On November 1, the IBM announcement for which IBM has already issued
a cancellation is widely distributed by rootshell through their
announcement list.
- Now, on the morning of November 2, I'm convinced (>99% sure) that both
the rootshell issue and the IBM draft advisory were false alerts.
We are also trying to track down the linux compilation problem that
may have caused the false alert behind the IBM advisory. We will
issue an announcement as soon as possible if a real vulnerability is
found.
For more information, please keep tracking
http://www.ssh.fi/sshprotocols2.
Best regards,
Tatu Ylonen <ylo@ssh.fi>
- --
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ipsec.com/
Free Unix SSH http://www.ssh.fi/sshprotocols2/
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBNj1tbqkZxfGWH0o1AQEaLwP+LPhkCOGFs30gfbyjMLLMkNp03OOfpALJ
uwqBvLPIntIWhHbjq1GF9D3hekyQ3PdiC+5SEBfFBj1xlAg1SPROJ2JV5d2QHuPm
B39j3YuQSJT5j/QXN0nkbP7ll9UoPJ9eMWBQvd5Hgf//eAk6ccns4fUqensMypeR
9J3O2JQG6ow=
=gesm
-----END PGP SIGNATURE-----
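As an added example (not part of Ylonen's message and not code from ssh-1.2.26), the two defect classes he names in his audit, a buffer allocated one byte short of what the formatted string needs and a format string with a missing argument, shown next to the bounded forms an auditor of sprintf/log_msg call sites would want to see. All function names and the "user@host" format are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers; names and formats are assumptions for this example. */

/* The "one byte less than was used" mistake: sizing a buffer for
   "user@host" as strlen(user) + 1 + strlen(host) forgets the NUL that
   sprintf writes, so the write runs one byte past the allocation. This
   function only computes that (wrong) size; it never allocates with it. */
size_t bytes_needed_buggy(const char *host, const char *user) {
    return strlen(user) + 1 + strlen(host);   /* missing + 1 for '\0' */
}

/* Correct sizing: let snprintf count the formatted length, then add one
   for the terminator. Returns 0 on encoding failure. */
size_t bytes_needed(const char *host, const char *user) {
    int n = snprintf(NULL, 0, "%s@%s", user, host);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Allocate and format "user@host" safely; caller frees. Returns NULL on
   failure, and also if the bounded write was truncated (which would mean
   the size computation and the write disagree). */
char *format_user_host(const char *host, const char *user) {
    size_t need = bytes_needed(host, user);
    if (need == 0) return NULL;
    char *buf = malloc(need);
    if (buf == NULL) return NULL;
    int n = snprintf(buf, need, "%s@%s", user, host);
    if (n < 0 || (size_t)n >= need) { free(buf); return NULL; }
    return buf;
}

/* Bounded log_msg-style wrapper: vsnprintf truncates to the caller's
   buffer instead of overflowing it. Returns bytes stored, excluding NUL. */
size_t log_msg(char *out, size_t outsz, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    if (n < 0) { if (outsz) out[0] = '\0'; return 0; }
    return (size_t)n < outsz ? (size_t)n : outsz - 1;
}

/* Mechanical check for the other defect Ylonen mentions, a conversion
   with no matching argument: count the conversions in a format so a
   reviewer (or a unit test) can compare against the argument count at
   each call site. Simplified: counts every '%' except the literal "%%",
   and does not handle '*' widths or positional arguments. */
int count_conversions(const char *fmt) {
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }  /* literal percent sign */
        n++;
    }
    return n;
}
```

The sizing difference is the whole bug: for "ylo@ssh.fi" the buggy calculation yields 10 bytes while sprintf writes 11, so the terminating NUL lands in whatever follows the allocation. Whether that is exploitable depends on the allocator and what sits after the buffer, which is why such a finding is reported as a defect rather than a vulnerability until shown otherwise.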
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:17:17