Although more secure than traditional protocols, SSH is not without vulnerabilities. The various SSH packages have some vulnerabilities in common and some that are unique to the distribution. We will look at only some of the vulnerabilities that have affected OpenSSH since the introduction of Mac OS X. For more details on OpenSSH security, see OpenSSH's security page at http://www.openssh.com/security.html.
Zlib Compression Library Heap Vulnerability (CVE-2002-0059, CA-2002-07, Bugtraq ID 4267)
A bug in the decompression algorithm of the zlib compression library (version 1.1.3 and earlier) can cause problems with dynamically allocated memory. An attacker can take advantage of this vulnerability in programs that link to or use the zlib compression library. Potential impacts include denial of service, information leakage, or execution of arbitrary code with permissions of the vulnerable program. So far there are no reports of this vulnerability being exploited.
This vulnerability is not an OpenSSH-specific vulnerability, but because OpenSSH can be affected, it is included here. Because this vulnerability appears in programs that link to or use the zlib compression library, it affects many programs and many operating systems. The solution is to get a patch from your vendor or download the latest version of zlib from http://www.zlib.org/. Then, where possible, recompile any programs that use the zlib compression library. However, depending on how they use the zlib compression library, you might not able to fix the problem yourself.
Mac OS X is reportedly not affected by this exploit. However, if you look for libz on a Mac OS X system, you will see files that contain 1.1.3 in the name . We assume that Apple has taken care of this problem without changing any filenames. The libz included with Mac OS X 10.2 is definitely different than that included with Mac OS X 10.1 and earlier. You can try to update libz yourself. If you succeed, you can then try to update OpenSSH. Other packages mentioned in this chapter that can be affected by this vulnerability include TightVNC and VNCThing.
Trojan Horse OpenSSH Distributions (CA-2002-24, BugTraq ID 5374, CAN-1999-0661)
Although a Trojan horse distribution of a package is not a vulnerability inherent in a software package itself, Trojan horse versions of software do exist, even for security software. From July 30 “August 1, 2002, Trojan horse versions of OpenSSH 3.2.2p1, 3.4p1, and 3.4 were distributed on the OpenBSD FTP server and may have propagated to other FTP servers via the mirroring process.
The Trojan horse versions execute code when the software is compiled. The software connects to a fixed remote server on 6667/tcp, and opens a shell running as the user who compiled OpenSSH.
Challenge Response Handling Vulnerabilities (CAN-2002-0639, CAN-2002-0640, CA-2002-18, BugTraq ID 5093)
Versions of OpenSSH between 2.9.3 and 3.3 have two vulnerabilities involving the challenge-response authentication. One is an integer overflow in the number of responses received during the challenge-response authentication. The other vulnerability is a buffer overflow in the challenge-response authentication. Either vulnerability can be used for a denial of service attack, or for the execution of arbitrary code with the privileges of OpenSSH. These vulnerabilities are fixed in OpenSSH 3.4, and the Mac OS X 10.1 July 2002 Security Update includes OpenSSH 3.4. More information on the vulnerability is also available at http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584.
Off-by-one Error Allows Execution of Arbitrary Code with the Privileges of OpenSSH (CVE-2002-0083, BugTraq ID 4241)
Versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error in the channel code. Exploiting this vulnerability can result in the execution of arbitrary code with the privileges of OpenSSH. This vulnerability is fixed in OpenSSH 3.1, and the Mac OS X 10.1 April 2002 Security Update includes OpenSSH 3.1p1. More information on the vulnerability is also available at http://www.openbsd.org/advisories/ssh_channelalloc.txt.
UseLogin Allows the Execution of Arbitrary Code with the Privileges of OpenSSH (CVE-2001-0872, VU# 157447, BugTraq ID 3614)
In some versions of OpenSSH, if the user turns on the UseLogin directive, which uses login to handle interactive sessions, a user can pass environment variables to login . An intruder can exploit this vulnerability to execute commands with the privileges of OpenSSH, which usually has root privileges. This vulnerability is fixed in OpenSSH 3.0.2, and the Mac OS X 10.1.3 update includes OpenSSH 3.0.2p1.
Timing Analysis (CAN-2001-1382, VU# 596827)
Monitoring delays between keystrokes during an interactive SSH session can simplify brute-force attacks against passwords. During the interactive SSH sessions, user keystrokes and system responses are transmitted as packets with an echo. However, if a user types a password during the interactive session, the password is transmitted without an echo. An intruder can detect the lack of echo and analyze delays between the keystrokes to simplify a brute-force attack against the password. Exploiting the vulnerability does not necessarily result in a compromised password. OpenSSH 2.5.0 has fixes for this. Mac OS X's first update includes OpenSSH 2.30p1, which has this vulnerability. However, the Mac OS X Web Sharing Update 1.0 addresses this issue by including OpenSSH 2.9p2.
SSH CRC32 Attack Detection Code Can Lead to Execution of Arbitrary Code with the Privileges of the SSH Daemon (CVE-2001-0144, VU# 945216, BugTraq ID 2347)
The SSH1 CRC32 attack detection code contains a remote integer buffer overflow that can allow the execution of arbitrary code with the privileges of the SSH daemon, usually root. OpenSSH 2.3.0 contains a fix for this vulnerability.
The first Mac OS X update includes OpenSSH 2.3.0p1, which is not vulnerable. More information on the vulnerability is also available at http:// razor .bindview.com/publish/advisories/adv_ssh1crc.html.