Features Download
From: Damien Miller <djm <at> mindrot.org>
Subject: Re: Does anyone know anything about this "0-day" ssh vulnerability?
Newsgroups: gmane.network.openssh.devel
Date: Wednesday 8th July 2009 11:31:24 UTC (over 8 years ago)
On Tue, 7 Jul 2009, Vincent Danen wrote:

> Hi all. I've looked at the archives and it seems to be quiet regarding
> this supposed "0-day" openssh vulnerability and I'm wondering if
> anyone here may have some insight or further information regarding it.
> We've been monitoring things and the amount of speculative info flying
> around is incredible. Some claim it's the CPNI-957037 issue, thus
> affecting <5.2, others are indicating it's the unsafe signal handler
> issue fixed in 4.4.
> Granted, Red Hat does ship with a patched 4.3, but we have corrected
> all issues that we know to have existed with 4.3. And the veracity of
> the supposed "logs" are sketchy at best.

I don't have any non-public information. I have exchanged some emails
with one of the victims of the alleged sshd 0day, but he was not able to
provide any evidence that the attack was sshd-related. In particular, I
spent some time analysing a packet trace that he provided, but it seems
to consist of simple brute-force attacks.

So, I'm not pursuaded that an 0day exists at all. The only evidence so
far are some anonymous rumours and unverifiable intrusion transcripts.

Speculating as to what an exploit, should it exist, might consist of:

The two issues of note that have been fixed since openssh-4.3 are the
aforementioned signal race (in 4.4) and a privsep signature verification
weakness (in 4.5). I doubt that it is the race condition as not even
Mark Dowd was able to make an working exploit from it. The privsep
weakness could be used to escalate privilege out of some other unknown
flaw, but it would not grant access by itself.

It is certainly not the CBC mode side-channel attack reported by CPNI;
it is only useful to a MITM under quite tight constraints and wouldn't
be useful to attack a server blindly.

If the attack doesn't work against a more recent version of OpenSSH,
then it is possible that we fixed it incidentally while making some
other change or that we did not realise some bug as exploitable. I'm
sure that someone sufficiently interested could crawl through the diffs
from openssh-4.3 to 5.2 and cast a fresh set of eyes over each change
- they might get the bragging rights of being the first to disclose an
exploitable remote sshd bug in quite a few years :)

CD: 2ms