GEN:SID | 1:1326 |
Message | EXPLOIT ssh CRC32 overflow NOOP |
Summary | Secure Shell (SSH) is used to remotely manage systems over encrypted TCP sessions. This event is generated when an attempt is made to exploit vulnerable versions of the SSH daemon.
|
Impact | System compromise presenting the attacker with root privileges. Denial of Service (DoS) on certain network devices.
|
Detailed Information | A flaw in the CRC32 compensation attack detection code may result in arbitrary code execution with the privileges of the user running the SSH daemon (usually root).
Some Netscreen devices may suffer a Denial of Service.
|
Affected Systems | OpenSSH versions prior to 2.2
Multiple Cisco network devices
Multiple Netscreen network devices
SSH Secure Communications prior to 1.2.31
|
Attack Scenarios | The attacker would need to send specially crafted large SSH packets to cause the overflow and present the opportunity to write values to memory locations.
Exploit scripts are available.
|
Ease of Attack | Simple. Exploits are available.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor-supplied patches.
|
Additional References | CERT: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0144 http://www.kb.cert.org/vuls/id/945216
Securityfocus: http://www.securityfocus.com/bid/2347
Analysis by David Dittrich: http://staff.washington.edu/dittrich/misc/ssh-analysis.txt
|
Rule References | bugtraq: 2347
cve: 2001-0144
cve: 2001-0572
|
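To support the corrective action above, the following added example (not part of the original rule documentation) classifies SSH identification banners already collected by an asset inventory against the version thresholds listed under Affected Systems. The function names and sample banners are constructed for illustration; treating a bare dotted software version as the SSH Communications daemon is an assumption, and Cisco and Netscreen devices are reported as unknown because the page gives no version thresholds for them.

```python
import re

# Thresholds copied from the "Affected Systems" text of this rule page;
# confirm them against the vendor advisory before relying on the result.
OPENSSH_FIXED = (2, 2)
SSH1_FIXED = (1, 2, 31)

# SSH identification string: SSH-<protoversion>-<softwareversion>[ comments]
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

def _version_tuple(text):
    """Turn the leading dotted number of '2.1.1p4' into (2, 1, 1)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def _older(found, fixed):
    """Compare two versions after zero-padding them to equal length."""
    width = max(len(found), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) < pad(fixed)

def classify_banner(banner):
    """Return 'affected', 'not-affected' or 'unknown' for one banner."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "unknown"
    software = m.group(2)
    if software.startswith("OpenSSH_"):
        version, fixed = _version_tuple(software[len("OpenSSH_"):]), OPENSSH_FIXED
    elif software[0].isdigit():
        # Assumption: a bare dotted version is the SSH Communications daemon.
        version, fixed = _version_tuple(software), SSH1_FIXED
    else:
        return "unknown"  # e.g. network devices: no threshold on this page
    if version is None:
        return "unknown"
    return "affected" if _older(version, fixed) else "not-affected"

def hosts_to_upgrade(inventory):
    """Given (host, banner) pairs, list the hosts classified as affected."""
    return [h for h, b in inventory if classify_banner(b) == "affected"]

# Constructed sample inventory (documentation addresses, invented banners).
SAMPLE = [("192.0.2.10", "SSH-1.99-OpenSSH_2.1.1"),
          ("192.0.2.11", "SSH-2.0-OpenSSH_2.9p2"),
          ("192.0.2.12", "SSH-1.5-1.2.27"),
          ("192.0.2.13", "SSH-1.5-Cisco-1.25")]
```

Hosts reported as unknown still need a manual check against the vendor's advisory, since a banner alone does not show whether a patch was backported.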