confusion over RSAref vul w/OpenSS[HL]

Niels Provos provos at citi.umich.edu
Sun Dec 5 09:51:26 EST 1999


In message <m3g0xi2yqf.fsf at yakko.wtower.com>, Chris Saia writes:
>  messages, I  can't figure out  whether I need   to update OpenSSL (a
>  check of their website indicates no  new patches), OpenSSH, both, or
You need to update OpenSSL if you use it with RSAREF2.  I just sent 
the following email to Bugtraq:

Subject: Re: Security Advisory: Buffer overflow in RSAREF2 
From: Niels Provos <provos at citi.umich.edu>
In-Reply-To: Gerardo Richarte, Thu, 02 Dec 1999 16:50:46 -0300
To: Gerardo Richarte <core.lists.bugtraq at CORE-SDI.COM>
Cc: BUGTRAQ at SECURITYFOCUS.COM
Date: Sat, 04 Dec 1999 17:45:20 -0500
Sender: provos at citi.umich.edu

In message <3846CC26.513CE96F at core-sdi.com>, Gerardo Richarte writes:
> To make this clear: in combination with the buffer overflow in rsaglue.c
> this makes it possible to get a remote shell on a machine running sshd AND
> it also makes it possible to use a reverse exploit to gain access on
> clients' machines, using a malicious sshd.

I fear that this posting should have been even clearer.
To sum the problem up more clearly:

ssh-1.2.27 (if compiled with RSAREF2) is vulnerable.  Attackers can
obtain a shell on the machine running sshd.  The exploit uses buffer
overflows in the RSAREF2 implementation AND in the rsaglue.c file in
ssh-1.2.27.  I am surprised that there wasn't a bigger outrage on the
mailing list about this, it is quite serious!!!

On the other hand, OpenSSH is not vulnerable to this remote exploit.
Since rsaglue.c was rewritten, OpenSSH does stricter parameter
checking than ssh-1.2.27 and these recent problems in ssh-1.2.27 did
NOT affect OpenSSH.

Nonetheless, OpenSSH users in the USA that use OpenSSL compiled with
RSAREF2 should update their ssl library (since isakmpd or httpd may be
affected), see previous postings on Bugtraq, and
http://www.openbsd.org/errata.html#sslUSA

Another thing is worth mentioning: RSA could use the buffer overflow
in RSAREF2 to scan machines in the USA for RSA license violations.  For
example, sshds that do not use RSAREF2 will behave differently than
those that do.

Information on OpenSSH can be found at http://www.openssh.com/
Information on OpenSSL can be found at http://www.openssl.org/
