SSH opens computers to attack

The protocol for securely accessing servers contains bugs that could allow attackers to crash or take over SSH-equipped servers and clients

Vulnerabilities have been found in multiple SSH implementations that could allow an attacker to execute code or create a denial of service on servers and clients, according to an advisory from CERT, a security alert service.

SSH is a shell protocol widely used by system administrators to access servers while keeping all transmissions, including passwords, encrypted.

The vulnerabilities were located by security software company Rapid7 using an SSH test suite named "SSHhredder", according to CERT. These include buffer overflows and occur before a user is required to authenticate, meaning that they are accessible to any attacker.

The attacks would execute at the security level at which the SSH process is running, which is normally a highly privileged level -- System on Windows, and root on Unix systems.

Rapid7 said that several vendors' SSH implementations were vulnerable, including those of SSH Communications Security, F-Secure, Pragma Systems, PuTTY, FiSSH, ShellGuard, and WinSCP. However, SSH and F-Secure, as well as Cisco Systems, Cray, Fujitsu, IBM, Netscreen Technologies, OpenSSH, VanDyke Software and LSH all said that their own testing showed that their software was not vulnerable.

Only Pragma Systems and PuTTY confirmed that some software was affected. PuTTY said that version 0.53b of its software addressed the issue. Pragma said that versions 2.0 and 3.0 of Pragma SecureShell were affected, and that it had corrected the issue in version 3.0. The company is offering its customers an upgrade to the fixed version.

The most widely used implementation, OpenSSH, is not vulnerable.

CERT's original advisory is available on the organisation's Web site.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.