-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2001.262 --
                           Cisco Security Advisory
                          Multiple SSH vulnerabilities
                                 28 June 2001

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                SSH
Vendor:                 Cisco Systems
Operating System:       Cisco IOS
                        Cisco CatOS
                        Cisco PIX Firewall
Impact:                 Execute Arbitrary Code/Commands
                        Access Privileged Data
Access Required:        Remote

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----

Security Advisory: Multiple SSH vulnerabilities

Revision 1.0 - INTERIM

For public release 2001 June 27 08:00 (UTC -0800)
_________________________________________________________________

Summary

Three different Cisco product lines are susceptible to multiple
vulnerabilities in the Secure Shell (SSH) protocol. These issues are
inherent to the SSH protocol version 1.5, which is implemented in several
Cisco product lines. By exploiting the weaknesses in the SSH protocol, it
is possible to insert arbitrary commands into an established SSH session,
collect information that may help in brute-force key recovery, or brute
force a session key.

Affected product lines are:

  * All devices running Cisco IOS software supporting SSH. That includes
    routers and switches running Cisco IOS.
  * Catalyst 6000 switches running CatOS.
  * Cisco PIX Firewall.

No other Cisco products are vulnerable.

It is possible to mitigate this vulnerability by preventing, or having
control over, interception of SSH traffic.

This advisory will be available at
http://www.cisco.com/warp/public/707/SSH-multiple-pub.html

Affected Products

The following table depicts the affected product categories.
+---------------+-----------------+-------------------+----------------+
|               | CRC-32 check    | Traffic analysis  | Key recovery   |
+---------------+-----------------+-------------------+----------------+
| IOS           | Vulnerable      | Vulnerable        | Vulnerable     |
|               | CSCdt96253      | CSCdt57231        | CSCdu37371     |
+---------------+-----------------+-------------------+----------------+
| PIX           | Vulnerable      | Not vulnerable    | Not vulnerable |
|               | CSCdt73353      |                   |                |
+---------------+-----------------+-------------------+----------------+
| VPN3000       | Not vulnerable  | Not vulnerable    | Not vulnerable |
+---------------+-----------------+-------------------+----------------+
| Catalyst 6000 | Vulnerable      | Vulnerable        | Not vulnerable |
|               | CSCdt72996      | CSCdt55357        |                |
+---------------+-----------------+-------------------+----------------+

Per product category, the following software releases are vulnerable:

+---------+---------------------------------------------------------------+
| IOS     | All 12.0, and upwards, releases that contain support for SSH. |
+---------+---------------------------------------------------------------+
| PIX     | 5.2(5) and 5.3(1)                                             |
+---------+---------------------------------------------------------------+
| CatOS   | 6.2(0.110)                                                    |
+---------+---------------------------------------------------------------+
| VPN3000 | Not vulnerable                                                |
+---------+---------------------------------------------------------------+

Details

An implementation of SSH in multiple Cisco products is vulnerable to three
different vulnerabilities. These vulnerabilities are:

CRC-32 integrity check vulnerability

   This vulnerability has been described in a CORE SDI S.A. paper entitled
   "An attack on CRC-32 integrity checks of encrypted channels using CBC
   and CFB modes", which can be found at
   http://www.core-sdi.com/soft/ssh/ssh.pdf

   In order for this attack to succeed, an attacker must possess one or two
   known ciphertext/plaintext pairs. This should not be difficult since
   every session starts with a greeting screen which is fixed and which can
   be determined. This also implies that an attacker must be somewhere
   along the session path in order to be able to sniff the session and
   collect the corresponding ciphertext.

   For further technical details, see
   http://www.core-sdi.com/soft/ssh/ssh.pdf.

Traffic analysis

   This issue has been described in an analysis made by Solar Designer. It
   can be found at http://www.securityfocus.com/archive/1/169840, and is
   entitled "Passive Analysis of SSH (Secure Shell) Traffic".

   To exploit this vulnerability, an attacker must be able to capture
   packets. When sending a packet using the SSH protocol, it is padded to
   the next 8-byte boundary, but the exact length of the data (without the
   padding) is sent unencrypted. The timing between packets may yield
   additional information, such as the relative position of a letter on
   the keyboard, but that depends on overall jitter in the network and the
   typing habits of the person.

   For additional information, please see
   http://www.securityfocus.com/archive/1/169840.

Key recovery in SSH protocol 1.5

   This has been discovered by CORE SDI S.A. and the paper describing it
   can be viewed at http://www.securityfocus.com/archive/1/161150. The
   subject line is "SSH protocol 1.5 session key recovery vulnerability".

   In order to exploit this vulnerability, an attacker must be able to
   sniff the SSH session and must be able to establish a connection to the
   SSH server. In order to recover the server key, an attacker must perform
   an additional 2^20+2^19=1572864 connections. Since the key has a
   lifespan of about an hour, this means that an attacker must perform
   around 400 connections per second.

   For further details, please consult
   http://www.securityfocus.com/archive/1/161150.

Impact

CRC-32 integrity check vulnerability

   By exploiting this protocol weakness, the attacker can insert arbitrary
   commands in the session after the session has been established.
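The CRC-32 and traffic-analysis weaknesses described above, as an added example that is not part of the Cisco advisory or of any Cisco code: a minimal SSH-1.5-style packet framer (4-byte cleartext length field, 1 to 8 bytes of padding, CRC-32 over the padded body; the encryption step is left out so the bytes stay inspectable) is used to show two things. First, the cleartext length field gives a passive observer the exact password length no matter how the packet is padded. Second, CRC-32 is affine, so the checksum of a known-plaintext message XOR-ed with another message is predictable without any key, which is the property the CORE SDI paper builds on, whereas a keyed MAC such as the HMAC used by SSH-2 has no such relation. The message number 9 for the password-authentication message follows the SSH-1 protocol description; the key, passwords and text strings are constructed for the example.

```python
import hashlib
import hmac
import struct
import zlib

SSH_CMSG_AUTH_PASSWORD = 9  # SSH-1 message number for password authentication


def auth_password_payload(password: bytes) -> bytes:
    """Payload of an SSH-1 password message: type byte + 4-byte length + password."""
    return bytes([SSH_CMSG_AUTH_PASSWORD]) + struct.pack(">I", len(password)) + password


def ssh1_frame(payload: bytes) -> bytes:
    """SSH-1.5 style framing with the encryption step omitted.

    The 4-byte length counts payload + CRC and is sent in the clear; 1..8 bytes
    of padding bring the (normally encrypted) part, padding + payload + CRC, to
    a multiple of 8. Real implementations use random padding; zero bytes keep
    this example deterministic.
    """
    length = len(payload) + 4
    pad_len = 8 - (length % 8)
    body = b"\x00" * pad_len + payload
    crc = struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)
    return struct.pack(">I", length) + body + crc


def observed_payload_length(frame: bytes) -> int:
    """What a passive observer reads straight from the cleartext header."""
    return struct.unpack(">I", frame[:4])[0] - 4


def password_length_from_frame(frame: bytes) -> int:
    """Exact password length leaked by a password message (payload minus type byte and length field)."""
    return observed_payload_length(frame) - 1 - 4


def crc_is_affine(a: bytes, b: bytes) -> bool:
    """CRC-32 satisfies crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros) for equal-length inputs.

    Because of this, the checksum of a controlled modification of a known
    plaintext is computable without any secret, so CRC-32 cannot serve as a
    message authentication code.
    """
    assert len(a) == len(b)
    xored = bytes(x ^ y for x, y in zip(a, b))
    zeros = bytes(len(a))
    return zlib.crc32(xored) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)


def hmac_is_affine(key: bytes, a: bytes, b: bytes) -> bool:
    """The same relation fails for a keyed MAC (HMAC-SHA256, the hardened form)."""
    assert len(a) == len(b)

    def tag(message: bytes) -> bytes:
        return hmac.new(key, message, hashlib.sha256).digest()

    xored = bytes(x ^ y for x, y in zip(a, b))
    zeros = bytes(len(a))
    predicted = bytes(p ^ q ^ r for p, q, r in zip(tag(a), tag(b), tag(zeros)))
    return tag(xored) == predicted


def demo() -> dict:
    """Run both demonstrations on constructed inputs and return the findings."""
    frame = ssh1_frame(auth_password_payload(b"hunter2"))  # constructed password
    greeting = b"Welcome to router-1\r\n"  # constructed fixed greeting (known plaintext)
    other = b"Unrelated 21-byte str"      # constructed second input of the same length
    return {
        "encrypted_part_is_multiple_of_8": (len(frame) - 4) % 8 == 0,
        "leaked_password_length": password_length_from_frame(frame),
        "crc32_affine": crc_is_affine(greeting, other),
        "hmac_affine": hmac_is_affine(b"constructed-demo-key", greeting, other),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The leaked length is why the advisory's Impact section speaks of exact password lengths: padding hides nothing when the unpadded length travels in the clear. The affine check is the mathematical core of the CRC-32 finding; the fix in later protocol versions is a keyed MAC computed under the session key, which the last function shows has no exploitable linear structure.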
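The connection volume the key-recovery attack needs, around 400 SSH connections per second to one device according to the figures above, is far outside normal management traffic, which makes it a simple thing to alert on while the upgrade is scheduled. The following detector is an added example, not part of the advisory or of Cisco's tooling: it parses syslog-style SSH connection records, constructed here for the example, and flags any source that opens at least a threshold number of connections within a sliding window. The record format, the addresses (RFC 5737 documentation ranges), the window and the threshold are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Extra connections the advisory says are needed beyond a sniffed session, and
# the rate that implies if the server key is regenerated about once an hour.
KEY_RECOVERY_CONNECTIONS = 2**20 + 2**19                       # 1572864
KEY_RECOVERY_RATE_PER_SECOND = KEY_RECOVERY_CONNECTIONS / 3600  # about 437

# Assumed record format (constructed for this example, not a Cisco log format):
#   "<ISO timestamp> sshd[<pid>]: Connection from <ipv4> port <port>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) sshd\[\d+\]: Connection from "
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+$"
)


def parse_line(line):
    """Return (timestamp, source_ip) for a connection record, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S"), m.group(2)


def connection_bursts(lines, window_seconds=10, threshold=20):
    """Flag sources with at least `threshold` connections inside any `window_seconds` span.

    The threshold is deliberately far below the ~437/s a key-recovery attempt
    needs, so slower brute-force or scanning activity is caught too; tune it
    against the device's normal management traffic.
    """
    stamps_by_src = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src = parsed
            stamps_by_src[src].append(ts)

    flagged = {}
    for src, stamps in stamps_by_src.items():
        stamps.sort()
        start, peak = 0, 0
        for end in range(len(stamps)):
            # shrink the window from the left until it spans less than window_seconds
            while (stamps[end] - stamps[start]).total_seconds() >= window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def constructed_log():
    """Constructed sample: light admin traffic plus one source opening 60 connections in 3 s."""
    lines = ["2001-06-27T09:59:59 kernel: unrelated line that the parser must skip"]
    for i, src in enumerate(["203.0.113.5", "203.0.113.7"] * 3):
        lines.append(f"2001-06-27T10:0{i}:00 sshd[10{i}]: Connection from {src} port {40000 + i}")
    for i in range(60):
        lines.append(f"2001-06-27T10:10:0{i // 20} sshd[2000]: Connection from 192.0.2.10 port {50000 + i}")
    return lines


if __name__ == "__main__":
    print(f"key recovery needs about {KEY_RECOVERY_RATE_PER_SECOND:.0f} connections/s")
    print(connection_bursts(constructed_log()))  # {'192.0.2.10': 60}
```

The two quiet administrative hosts never exceed one connection per window and stay unflagged; the burst source is reported with its peak count. The same sliding-window count can be applied to the device's own session logs or to flow records at the network edge.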
Traffic analysis

   This vulnerability exposes the exact lengths of the passwords used for
   login authentication. This is only applicable to an interactive session
   that is being established over the tunnel protected by SSH. This can
   significantly help an attacker in guessing the password using a
   brute-force attack.

Key recovery in SSH protocol 1.5

   This vulnerability may lead to the compromise of the session key. Once
   the session key is determined, the attacker can proceed to decrypt the
   stored session using any implementation of the crypto algorithm used.
   This will reveal all information in an unencrypted form.

Software Versions and Fixes

The following software releases contain fixes for all vulnerabilities.

For Catalyst 6000 switches all vulnerabilities are fixed in the following
CatOS releases.

+---------+--------------------------------------------------------------+
| CatOS   | 6.1(2.13), 6.2(0.111) and 6.3(0.7)PAN                        |
+---------+--------------------------------------------------------------+

Each row of the table describes a release train and the platforms or
products for which it is intended. If a given release train is vulnerable,
then the earliest possible releases that contain the fix and the
anticipated date of availability for each are listed in the "Rebuild",
"Interim", and "Maintenance" columns. A device running any release in the
given train that is earlier than the release in a specific column (less
than the earliest fixed release) is known to be vulnerable, and it should
be upgraded at least to the indicated release or a later version (greater
than the earliest fixed release label). When selecting a release, keep in
mind the following definitions:

Maintenance
   Most heavily tested and highly recommended release of any label in a
   given row of the table.

Rebuild
   Constructed from the previous maintenance or major release in the same
   train, it contains the fix for a specific defect. Although it receives
   less testing, it contains only the minimal changes necessary to effect
   the repair.

Interim
   Built at regular intervals between maintenance releases and receives
   less testing. Interims should be selected only if there is no other
   suitable release that addresses the vulnerability, and interim images
   should be upgraded to the next available maintenance release as soon as
   possible. Interim releases are not available via manufacturing, and
   usually they are not available for customer download from CCO without
   prior arrangement with the Cisco TAC.

In all cases, customers should exercise caution to be certain the devices
to be upgraded contain sufficient memory and that current hardware and
software configurations will continue to be supported properly by the new
release. If the information is not clear, contact the Cisco TAC for
assistance as shown in the following section.

More information on IOS release names and abbreviations is available at
http://www.cisco.com/warp/public/620/1.html.

For PIX Firewall software, use the following table to determine affected
and fixed software releases.
+------+-----------------------+---------------------------------------------+
|Train | Description of Image  |      Availability of Fixed Releases*        |
|      | or Platform           |                                             |
+------+-----------------------+-----------+-----------------+---------------+
| 5.x-based Releases           | Rebuild   | Interim**       | Maintenance   |
+------+-----------------------+-----------+-----------------+---------------+
| 5.2  | Early Deployment (ED) |           | 5.2(5)203       | 5.2(6)        |
|      | for all platforms     |           | Available       | Available in  |
|      |                       |           | through TAC     | August        |
+------+-----------------------+-----------+-----------------+---------------+
| 5.3  | Early Deployment (ED) |           | 5.3(1)202       | 5.3(1)        |
|      | for all platforms     |           | Available       | Available in  |
|      |                       |           | through TAC     | August        |
+------+-----------------------+-----------+-----------------+---------------+
| 6.x-based Releases           | Rebuild   | Interim**       | Maintenance   |
+------+-----------------------+-----------+-----------------+---------------+
| 6.0  | Early Deployment (ED) |           |                 | 6.0(1)        |
|      | for all platforms     |           |                 | Available     |
+------+-----------------------+-----------+-----------------+---------------+

For Cisco IOS, use the following table to determine affected and fixed
software releases.
+---------------+----------------+-----------------------------------------+
|               | Description of |                                         |
| Train         | Image or       |     Availability of Fixed Releases*     |
|               | Platform       |                                         |
+---------------+----------------+-------------+------------+--------------+
| 12.0-based Releases            | Rebuild     | Interim**  | Maintenance  |
+---------------+----------------+-------------+------------+--------------+
|               |General         |             |            |              |
| 12.0S         |deployment      |             |            | 12.0(18)S    |
|               |release for all |             |            | 2001-July    |
|               |platforms       |             |            |              |
+---------------+----------------+-------------+------------+--------------+
| 12.1-based Releases            | Rebuild     | Interim**  | Maintenance  |
+---------------+----------------+-------------+------------+--------------+
|               |General         |                                         |
| 12.1          |deployment      | SSH not supported                       |
|               |release for all |                                         |
|               |platforms       |                                         |
+---------------+----------------+-----------------------------------------+
| 12.1AA        |Dial support    | SSH not supported                       |
+---------------+----------------+-----------------------------------------+
|               |Core/ISP        |                                         |
| 12.1CX        |support: GSR,   | SSH not supported                       |
|               |RSP, c7200      |                                         |
+---------------+----------------+-----------------------------------------+
| 12.1DA        |xDSL support:   | SSH not supported                       |
|               |6100, 6200      |                                         |
+---------------+----------------+-------------+------------+--------------+
|               |Cisco IOS       |             |            |              |
|               |Software Release|             |            |              |
|               |12.1(1)DB       |             |            |              |
| 12.1DB        |supports Cisco's|             |            |              |
|               |6400 Universal  |             |            |              |
|               |Access          |             |            |              |
|               |Concentrator    |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Cisco IOS       |             |            |              |
|               |Software Release|             |            |              |
|               |12.1(1)DC       |             |            |              |
| 12.1DC        |supports Cisco's|             |            |              |
|               |6400 Universal  |             |            |              |
|               |Access          |             |            |              |
|               |Concentrator    |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Core/ISP        |             |            |              |
| 12.1E         |support: GSR,   |             |            | 12.1(8a)E    |
|               |RSP, c7200      |             |            | 2001-Jul-09  |
+---------------+----------------+-------------+------------+--------------+
|               |12.1EC is being |             |            |              |
|               |offered to allow|             |            |              |
|               |early support of|             |            |              |
|               |new features on |             |            |              |
|               |the uBR7200     |             |            |              |
| 12.1EC        |platform, as    |             |12.1(6.5)EC3|              |
|               |well as future  |             |            |              |
|               |support for new |             |            |              |
|               |Universal       |             |            |              |
|               |Broadband Router|             |            |              |
|               |headend         |             |            |              |
|               |platforms.      |             |            |              |
+---------------+----------------+-------------+------------+--------------+
| 12.1EX        |Catalyst 6000   |             |            | 12.1(8a)E    |
|               |support         |             |            | 2001-Jul-09  |
+---------------+----------------+-------------+------------+--------------+
|               |Cat8510c,       |             |            |              |
| 12.1EY        |Cat8510m,       |             |            | 12.1(6)EY    |
|               |Cat8540c,       |             |            |              |
|               |Cat8540m, LS1010|             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment|             |            |              |
| 12.1EZ        |(ED): special   | 12.1(6)EZ1  |            |              |
|               |image           |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Early           |                                         |
|               |Deployment(ED): | Not Scheduled                           |
| 12.1T         |VPN, Distributed|                                         |
|               |Director,       +-----------------------------------------+
|               |various         | Upgrade recommended to 12.2(1b)         |
|               |platforms       |                                         |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment|             |            |              |
| 12.1XA        |(ED): limited   |             |            |              |
|               |platforms       |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment|             |            |              |
| 12.1XB        |(ED): limited   |             |            |              |
|               |platforms       |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment|             |            |              |
| 12.1XC        |(ED): limited   |             |            |              |
|               |platforms       |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment| Not Scheduled                           |
| 12.1XD        |(ED): limited   +-----------------------------------------+
|               |platforms       | Upgrade recommended to 12.2(1b)         |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment|             |            |              |
| 12.1XE        |(ED): limited   |             |            |              |
|               |platforms       |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment|             |            |              |
| 12.1XF        |(ED): 811 and   | 12.1(2)XF4  |            |              |
|               |813 (c800       | 2001-July-09|            |              |
|               |images)         |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment|             |            |              |
| 12.1XG        |(ED): 800, 805, | 12.1(5)XG5  |            |              |
|               |820, and 1600   | 2001-July-09|            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment| Not Scheduled                           |
| 12.1XH        |(ED): limited   +-----------------------------------------+
|               |platforms       | Upgrade recommended to 12.2(1b)         |
+---------------+----------------+-----------------------------------------+
|               |Early Deployment| Not Scheduled                           |
| 12.1XI        |(ED): limited   +-----------------------------------------+
|               |platforms       | Upgrade recommended to 12.2(1b)         |
+---------------+----------------+-----------------------------------------+
|               |Early Deployment| Not Scheduled                           |
| 12.1XJ        |(ED): limited   +-----------------------------------------+
|               |platforms       | Upgrade recommended to 12.1(5)YB4       |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment|                                         |
| 12.1XK        |(ED): limited   | SSH not supported                       |
|               |platforms       |                                         |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment| Not Scheduled                           |
| 12.1XL        |(ED): limited   +-----------------------------------------+
|               |platforms       | Upgrade recommended to 12.2(1b)         |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.1XM        |early deployment| 12.1(4)XM4  |            |              |
|               |release         | 2001-June-27|            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment|             |            |              |
| 12.1XP        |(ED): 1700 and  | 12.1(3)XP4  |            |              |
|               |SOHO            |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     | Not Scheduled                           |
| 12.1XQ        |early deployment+-----------------------------------------+
|               |release         | Upgrade recommended to 12.2(1b)         |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.1XR        |early deployment| 12.1(5)XR2  |            |              |
|               |release         |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.1XS        |early deployment|             |            |              |
|               |release         |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment|             |            |              |
| 12.1XT        |(ED): 1700      | 12.1(3)XT3  |            |              |
|               |series          |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Early Deployment|             |            |              |
| 12.1XU        |(ED): limited   | 12.1(5)XU1  |            |              |
|               |platforms       |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.1XV        |early deployment| 12.1(5)XV3  |            |              |
|               |release         | 2001-July   |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |                                         |
| 12.1XW        |early deployment| SSH not supported                       |
|               |release         |                                         |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |                                         |
| 12.1XX        |early deployment| SSH not supported                       |
|               |release         |                                         |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.1XY        |early deployment| 12.1(5)XY6  |            |              |
|               |release         | 2001-July   |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |                                         |
| 12.1XZ        |early deployment| SSH not supported                       |
|               |release         |                                         |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.1YA        |early deployment|             |            |              |
|               |release         |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.1YB        |early deployment| 12.1(5)YB4  |            |              |
|               |release         |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.1YC        |early deployment| 12.1(5)YC1  |            |              |
|               |release         |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.1YD        |early deployment| 12.1(5)YD2  |            |              |
|               |release         | 2001-June-25|            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.1YF        |early deployment| 12.1(5)YF2  |            |              |
|               |release         |             |            |              |
+---------------+----------------+-------------+------------+--------------+
| 12.2-based Releases            | Rebuild     | Interim**  | Maintenance  |
+---------------+----------------+-------------+------------+--------------+
|               |General         |             |            |              |
| 12.2          |deployment      | 12.2(1b)    | 12.2(1.1)  | 12.2(3)      |
|               |release for all |             |            | 2001-August  |
|               |platforms       |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |General         |             |            |              |
| 12.2T         |deployment      |             | 12.2(2.2)T |              |
|               |release for all |             |            |              |
|               |platforms       |             |            |              |
+---------------+----------------+-------------+------------+--------------+
| 12.2XA        |SPLOB           |             |            | 12.2(2)XA    |
|               |                |             |            | 2001-July-02 |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.2XD        |early deployment| 12.2(1)XD1  |            |              |
|               |release         |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.2XE        |early deployment|             |            | 12.2(1)XE    |
|               |release         |             |            |              |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.2XH        |early deployment|             |            | 12.2(1)XH    |
|               |release         |             |            | 2001-June-25 |
+---------------+----------------+-------------+------------+--------------+
|               |Short-lived     |             |            |              |
| 12.2XQ        |early deployment|             |            | 12.2(1)XQ    |
|               |release         |             |            | 2001-June-23 |
+---------------+----------------+-------------+------------+--------------+
| Notes                                                                    |
+--------------------------------------------------------------------------+
| * All dates are estimated and subject to change.                         |
|                                                                          |
| ** Interim releases are subjected to less rigorous testing than regular  |
|    maintenance releases, and may have serious bugs.                      |
+--------------------------------------------------------------------------+

Obtaining Fixed Software

Customers with contracts should obtain upgraded software through their
regular update channels. For most customers, this means that upgrades
should be obtained through the Software Center on Cisco's Worldwide Web
site at http://www.cisco.com.

Customers whose Cisco products are provided or maintained through prior or
existing agreement with third-party support organizations such as Cisco
Partners, authorized resellers, or service providers should contact that
support organization for assistance with the upgrade, which should be free
of charge.

Customers who purchase directly from Cisco but who do not hold a Cisco
service contract and customers who purchase through third party vendors
but are unsuccessful at obtaining fixed software through their point of
sale should get their upgrades by contacting the Cisco Technical
Assistance Center (TAC). TAC contacts are as follows:

  + +1 800 553 2447 (toll-free from within North America)
  + +1 408 526 7209 (toll call from anywhere in the world)
  + e-mail: tac@cisco.com

Please have your product serial number available and give the URL of this
notice as evidence of your entitlement to a free upgrade. Free upgrades
for non-contract customers must be requested through the TAC.

Workarounds

There are no workarounds for these vulnerabilities.

Exploitation and Public Announcements

All three vulnerabilities are publicly known. Please see the Details
section for the original announcements.

The Cisco PSIRT is not aware of malicious use of the vulnerabilities
described in this advisory.

Status of This Notice: INTERIM

This is an interim security advisory.
Cisco anticipates issuing updated versions of this notice at irregular
intervals as there are material changes in the facts, and will continue to
update this notice as necessary. The reader is warned that this notice may
contain inaccurate or incomplete information. Although Cisco cannot
guarantee the accuracy of all statements in this notice, all of the facts
have been checked to the best of our ability. Cisco anticipates issuing
monthly updates of this notice until it reaches FINAL status.

A standalone copy or paraphrase of the text of this security advisory that
omits the distribution URL in the following section is an uncontrolled
copy, and may lack important information or contain factual errors.

Distribution

This notice will be posted on Cisco's Worldwide Web site at
http://www.cisco.com/warp/public/707/SSH-multiple-pub.html. In addition to
Worldwide Web posting, a text version of this notice is clear-signed with
the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet
news recipients:

  + cust-security-announce@cisco.com
  + bugtraq@securityfocus.com
  + first-teams@first.org (includes CERT/CC)
  + cisco@spot.colorado.edu
  + comp.dcom.sys.cisco
  + firewalls@lists.gnac.com
  + Various internal Cisco mailing lists

Future updates of this notice, if any, will be placed on Cisco's Worldwide
Web server, but may or may not be actively announced on mailing lists or
newsgroups. Users concerned about this problem are encouraged to check the
URL given above for any updates.

Revision History

Revision 1.0   2001-June-27 08:00 UTC -0800   Initial public release

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and registering to
receive security information from Cisco, is available on Cisco's Worldwide
Web site at
http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This
includes instructions for press inquiries regarding Cisco security
notices.
For a list of all advisories please visit the
http://www.cisco.com/warp/public/707/advisory.html page.
__________________________________________________________

This notice is Copyright 2000 by Cisco Systems, Inc. This notice may be
redistributed freely after the release date given at the top of the text,
provided that redistributed copies are complete and unmodified, and
include all date and version information.
__________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBOzn6T2iN3BRdFxkbAQHfnggAjJxdGNJpV38nVrVdfKl6QWLbtiJGHB4i
wi3fzNqBV3zOaPwu1VERhq5tco2S/r+WhtOZEq1vEiLjc4ck9sBn6hYH2WqBxJFY
98BZa0qNlzGIESiZdBJXkf6/C0gVnpZ+z2Feox0gnX+Xlow6ENxsCOX92zVXNpp4
DTLNxv2n6sH8RhnthQ1HXTFTck+/IpILKikEUwK4/W2mINc8GmAr0JHH+Fr9UJAR
jzCc8en7Q4y7OYMfUyIOPE6udO9VvG2+J7xpkDRsynFR9HJwibt50yudh23VtdKm
/EyDeB7WPLoZMch3GMK614PrYbq4Wp+hdo+KgJcSB1TH2+J3OJYtzA==
=gpvY
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to use any or all of this
information is the responsibility of each user or organisation, and should
be done so in accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBOzsMKCh9+71yA2DNAQEApQP/cP50jnVyX9kTDJt8ACFgNcKN3t9NwU3x
uYDx8aXlnH5OXxc5n7Feww3QwO+45hd/5G0J8SSM5CEyIszeaCtJKd1y/C9zpJyG
YlW4AMYV+Zgi4zOgk+J3q9TeWKeYbBgYkXvTU8lnFSDxUlAdHPTbOlHk9mxEjTIs
DxIV2l7htGY=
=3ZiJ
-----END PGP SIGNATURE-----