just to be sure everyone knows. pedro
> -----Original Message----- > From: X-Force [mailto:[EMAIL PROTECTED]] > Sent: ter�a-feira, 30 de Outubro de 2001 19:58 > To: [EMAIL PROTECTED] > Subject: ISSalert: ISS Security Advisory: Widespread > Exploitation of SSH > CRC32 Compensation Attack > > > > TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your > message to > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with > any problems! > -------------------------------------------------------------- > ------------- > > -----BEGIN PGP SIGNED MESSAGE----- > > Internet Security Systems Security Alert > October 30, 2001 > > Widespread Exploitation of SSH CRC32 Compensation Attack > > Synopsis: > > Internet Security Systems (ISS) X-Force has learned of extensive > exploitation of a serious Secure Shell (SSH) remote > vulnerability. This > vulnerability may allow remote attackers to execute arbitrary > code on a > target system without any specific knowledge of that host. An advanced > exploit for this vulnerability exists and is being used in the wild. > The serious nature of this vulnerability is compounded by the > confusing > nature of SSH product versions and patches. > > Affected Versions: > > Cisco Catalyst 6000 6.2(0.110) > Cisco IOS 12.0S > * Cisco IOS 12.1xx-12.2xx > Cisco PIX Firewall 5.2(5) > Cisco PIX Firewall 5.3(1) > SSH Communications Security SSH 2.x and 3.x (if SSH Version 1 fallback > is enabled) > SSH Communications Security SSH 1.2.23-1.2.31 > F-Secure SSH versions prior to 1.3.11-2 > OpenSSH versions prior to 2.3.0 (if SSH Version 1 fallback is enabled) > OSSH 1.5.7 > > * Note: Please refer to the Cisco Security Advisory in the > "Additional > Information" section of this alert. > > Description: > > A serious vulnerability in the SSH daemon (sshd) affecting > most current > sshd versions was reported in February 2001. Different implementations > of the SSH protocol are listed in the "Affected Versions" section. > Maintainers of vulnerable SSH versions issued patches soon after the > vulnerability was made public. > > The vulnerability exists in affected SSH versions when integer > calculations are not handled correctly, resulting in a buffer overflow > condition. Exploitation of this vulnerability at the time was > considered > extremely difficult, but not technically impossible. > > X-Force has learned of extensive scanning for vulnerable SSH servers. > Lists of vulnerable servers would be extremely easy for attackers to > gather. The version information can be obtained by making a connection > is made to port 22 of sshd, which will display a banner with SSH > version information. > > The problem is compounded by the fact that newer and > non-vulnerable SSH > servers can be installed in conjunction with older, vulnerable sshd > daemons to handle legacy SSH Version 1 connections. It is important to > note that upgrading to a new SSH Version 2 daemon may not patch this > vulnerability. Please refer to the "Affected Versions" > section for more > information. > > Recommendations: > > ISS X-Force recommends that security and network > administrators examine > their SSH configurations to determine if patching is necessary and if > SSH Version 1 connection fallback is still enabled. X-Force recommends > upgrading to new SSH Version 2 support if possible. If SSH > Version 1 is > not used, disable fallback and remove old sshd Version 1 binaries. > Please refer to your vendor to obtain patch and upgrade information. > > Cisco: http://www.cisco.com > > OpenSSH: http://www.openssh.com > > SSH Communications Security: http://www.ssh.com > > F-Secure: http://www.f-secure.com/support/ssh/ > > ISS X-Force recommends using the RealSecure Network Sensor signature > "SSH_Detected" to help detect port scans or attempts to exploit the > vulnerability. Refer to the "Client Raw Data" and "Software Version" > fields in the event inspector to identify connections to vulnerable > SSH servers. > > An Internet Scanner FlexCheck will be available soon to detect this > vulnerability. The FlexCheck will be available at the following URL: > https://www.iss.net/cgi-bin/download/customer/download_product.cgi > > ISS X-Force will provide specific detection and assessment support for > this vulnerability in upcoming X-Press Updates for RealSecure Network > Sensor and Internet Scanner. > > Additional Information: > > Remote vulnerability in SSH daemon crc32 compensation attack detector > http://razor.bindview.com/publish/advisories/adv_ssh1crc.html > > Cisco Security Advisory: Multiple SSH Vulnerabilities > http://www.cisco.com/warp/public/707/SSH-multiple-pub.html > > OpenSSH Security > http://www.openssh.com/security.html > > ______ > > About Internet Security Systems (ISS) > Internet Security Systems is a leading global provider of security > management solutions for the Internet, protecting digital assets and > ensuring safe and uninterrupted e-business. With its industry-leading > intrusion detection and vulnerability assessment, remote managed > security services, and strategic consulting and education > offerings, ISS > is a trusted security provider to more than 8,000 customers worldwide > including 21 of the 25 largest U.S. commercial banks and the > top 10 U.S. > telecommunications companies. Founded in 1994, ISS is headquartered in > Atlanta, GA, with additional offices throughout North America and > international operations in Asia, Australia, Europe, Latin America and > the Middle East. For more information, visit the Internet Security > Systems web site at www.iss.net or call 888-901-7477. > > Copyright (c) 2001 Internet Security Systems, Inc. All rights reserved > worldwide. > > Permission is hereby granted for the redistribution of this Alert > electronically. It is not to be edited in any way without express > consent of the X-Force. If you wish to reprint the whole or any part > of this Alert in any other medium excluding electronic medium, please > e-mail [EMAIL PROTECTED] for permission. > > Disclaimer > > The information within this paper may change without notice. Use of > this information constitutes acceptance for use in an AS IS condition. > There are NO warranties with regard to this information. In no event > shall the author be liable for any damages whatsoever arising > out of or > in connection with the use or spread of this information. Any use of > this information is at the user's own risk. > > X-Force PGP Key available at: http://xforce.iss.net/sensitive.php > as well as on MIT's PGP key server and PGP.com's key server. > > Please send suggestions, updates, and comments to: X-Force > [EMAIL PROTECTED] of Internet Security Systems, Inc. > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3a > Charset: noconv > > iQCVAwUBO98FmDRfJiV99eG9AQFz/gP9Gppa6RAKM1/+j58IFWhmbOQJNwFXcLmF > c1kdtXkKTWgZImipysWOyeYVjmV5Sbw7Kb+KOwagUBWG6dDiYdoOfQY6+imIahUn > Rr0eErTe4i4fmWMgvViXvE8EhRNyo2QdKTlCP2fCJOKPTRAMUB3azMtrUhHcpVHe > UYvZO7lh99s= > =+846 > -----END PGP SIGNATURE----- > > _______________________________________________ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
