X
Business
Home Business Developer

SSH glitch gives 'skeleton key' to networks

A patch for the Unix remote management shell has been re-released after suggestions attackers have for months been exploiting the vulnerability to gain access to systems
Written by Patrick Gray, Contributor
A critical security flaw in SSH has been revealed that threatens servers worldwide.

SSH is a widely used encrypted remote management shell for Unix, Linux and BSD platforms. Experts say attackers have been exploiting the vulnerability to gain access to systems illegally for months.

What started as quiet mumblings and rumours turned into screaming warnings this week as the security community slowly learned of the threat. Chief hacking officer of US-based eEye Digital Security told ZDNet Australia by phone the vulnerability should be taken very seriously. "It's pretty close to a skeleton key to most networks," he said.

It's not uncommon for vulnerabilities in Unix-style systems to be exploited for months by the underground community, Maiffret said. "It's definitely happened in the past with SSH vulnerabilities... it's definitely a recurring theme for Unix vulnerabilities."

Security researcher Mark "Simple Nomad" Loveless, who works with BindView Corporation, doesn't doubt an exploit to the vulnerability is "in the wild". "It sounds like someone's got the exploit... a lot of people are claiming they have it, but it looks like some people actually do," he said during a phone interview.

He says that all versions of OpenSSH running on all distributions of Linux and BSD are affected, excluding those that have patched very recently to version 3.7.1. Loveless says there's actually two vulnerabilities in the software. "[Version] 3.7 was released early this morning, and then 3.7.1 was released about a couple of hours ago," he said. "The thing was just the way the two bugs work.... It looks like the first one was probably fixed with 3.7 and the other one was fixed with 3.7.1."

There are, however, suggestions that some mitigating factors may apply. "There are rumours going around that you need to allow remote root SSH login for the exploit to work," he said. "That's the thing, there are all these rumours going around."

Loveless says people should patch to 3.7.1 as soon as they can. "Exploit code will surface within hours," he warned.

CERT has released an advisory, but it was released prior to the release of the 3.7.1 version upgrade. The OpenSSH patch and advisory has been updated. "All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors. It is uncertain whether these errors are potentially exploitable, however, we prefer to see bugs fixed proactively," it reads.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

pxl-20240424-181716738

Facebook's Meta AI is lying when it says you can disable it - but here's what you can do

Placeholder product image alt text

The best AI image generators to try right now