Does anyone know anything about this "0-day" ssh vulnerability?

Thu Jul 9 07:13:56 EST 2009

* [2009-07-08 21:31:24 +1000] Damien Miller wrote:

>> Hi all. I've looked at the archives and it seems to be quiet regarding
>> this supposed "0-day" openssh vulnerability and I'm wondering if
>> anyone here may have some insight or further information regarding it.
>>
>> We've been monitoring things and the amount of speculative info flying
>> around is incredible. Some claim it's the CPNI-957037 issue, thus
>> affecting <5.2, others are indicating it's the unsafe signal handler
>> issue fixed in 4.4.
>>
>> Granted, Red Hat does ship with a patched 4.3, but we have corrected
>> all issues that we know to have existed with 4.3. And the veracity of
>> the supposed "logs" are sketchy at best.
>
>I don't have any non-public information. I have exchanged some emails
>with one of the victims of the alleged sshd 0day, but he was not able to
>provide any evidence that the attack was sshd-related. In particular, I
>spent some time analysing a packet trace that he provided, but it seems
>to consist of simple brute-force attacks.

That's what we were suspecting as well, based on looking at the public
pcap dump that was noted.

>So, I'm not pursuaded that an 0day exists at all. The only evidence so
>far are some anonymous rumours and unverifiable intrusion transcripts.

Ok, thanks for that.  One particular hosting company seems to be tossing
around "inside info" and development of a patch, and so on, which is
making all of this worse.

>Speculating as to what an exploit, should it exist, might consist of:
>
>The two issues of note that have been fixed since openssh-4.3 are the
>aforementioned signal race (in 4.4) and a privsep signature verification
>weakness (in 4.5). I doubt that it is the race condition as not even
>Mark Dowd was able to make an working exploit from it. The privsep
>weakness could be used to escalate privilege out of some other unknown
>flaw, but it would not grant access by itself.
>
>It is certainly not the CBC mode side-channel attack reported by CPNI;
>it is only useful to a MITM under quite tight constraints and wouldn't
>be useful to attack a server blindly.
>
>If the attack doesn't work against a more recent version of OpenSSH,
>then it is possible that we fixed it incidentally while making some
>other change or that we did not realise some bug as exploitable. I'm
>sure that someone sufficiently interested could crawl through the diffs
>from openssh-4.3 to 5.2 and cast a fresh set of eyes over each change
>- they might get the bragging rights of being the first to disclose an
>exploitable remote sshd bug in quite a few years :)

Thanks for all that info, Damien.  Very much appreciated.

-- 
Vincent Danen / Red Hat Security Response Team 