Date: 1 Nov 1998 20:43:19 -0000
From: announce-outgoing@rootshell.com

01. ssh 1.2.26 vulnerability
----------------------------

As most of you are aware, the Rootshell site was compromised on October
28th.  In order to keep the integrity of our investigation we have been
fairly closed-lipped about this incident until now.  This has led to
widespread rumors and speculation by netizens who have zero first hand
knowledge about the break-in.

Some people now believe that we had no evidence of an ssh break-in.  SSH
Communications Security Ltd. even went as far as saying they have analyzed
the Rootshell logs, etc.  Unless they have broken into our network this is
not possible.  We at Rootshell believe they are now simply in damage control
mode and nothing else.

Since the very beginning, Rootshell has been working very closely with the
folks at CERT, and the members of law enforcement to track down the
individuals responsible for the Rootshell break-in.  As the ssh issue has
been a very sensitive topic we have avoided making any statements until we
were sure about anything one way or the other.  The *ONLY* thing Rootshell
has ever said in public about SSH until now has been "The paranoid MAY want
to disable ssh 1.2.26."

In order to show the type of evidence Rootshell has received at this point,
below you will find a draft that IBM was intending to release on Monday
about SSH.  They appear to have jumped the gun slightly and do not have
working exploit code, but have found possible buffer overflows in the ssh
1.2.26 code.  Rootshell has also received further reports of exploit code
going around in various circles.  SSH Communications Security Ltd. has
evaluated this bulletin and now believes it is actually not a problem.

Rootshell will continue its investigation of this matter as well as other
security issues and will make this information public as soon as possible. 
I hope that this bulletin will at the very least put an end to the wild
speculation that this was a hoax, or that we are just in the business of
making wild accusations.

Please see http://www.ssh.fi/sshprotocols2/rootshell.html for their
"analysis" of events.  It is sad that we had to learn of this URL from
Slashdot.org instead of SSH directly.  They appear to have some serious
communications dificuilties.  Both Rootshell and CERT were met with
unanswered phones at SSH Communications Security Ltd. and Data Fellows when
we attempted to research this matter.  Perhaps after this incident they can
work on correcting these issues.

SSH is a trademark of SSH Communications Security Ltd.  All rights reserved.

[ end rant ]

--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--
---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE---
                  =======  ============    ======       ======
                  =======  ==============  =======     =======
                    ===      ===     ====    ======   ======
                    ===      ===========     ======= =======
                    ===      ===========     === ======= ===
                    ===      ===     ====    ===  =====  ===
                  =======  ==============  =====   ===   =====
                  =======  ============    =====    =    =====
                           EMERGENCY RESPONSE SERVICE
                          SECURITY VULNERABILITY ALERT
30 October 1998 18:00 GMT                        Number: ERS-SVA-E01-1998:005.1
===============================================================================
                             VULNERABILITY  SUMMARY
VULNERABILITY:  Buffer overflow condition in "sshd" logging facility
PLATFORMS:      Versions of SSH up to and including SSH 1.2.26.  SSH 2.0.x
                is *not* believed to be vulnerable.
SOLUTION:       Follow the procedures described in Section IV, below
THREAT:         Local and remote users can obtain privileged access to the
                system.
===============================================================================
                              DETAILED INFORMATION
I. Description
SSH (Secure Shell) is software that allows users to log into other computers
over a network, execute commands on remote systems, and move files from one
host to another.  It provides strong authentication and secure (encrypted)
communications over insecure channels.
SSH is produced by SSH Communications Security, Ltd., Finland (www.ssh.fi).
SSH is distributed for non-commercial use from ftp://ftp.cs.hut.fi/pub/ssh;
commercial licensing is handled by Data Fellows, Ltd. (www.datafellows.com).
The IBM Global Security Analysis Laboratory has identified a buffer overflow
vulnerability in the SSH server program, "sshd."
The "log_msg" function, called by several parts of the server program to send
information to the system log, copies user-supplied data into a local buffer
without checking that the data will fit.  Several other similar logging, debug,
and error functions perform this operation as well.  When a large amount of
data is supplied, a buffer overrun condition will occur.  
II. Impact
If a user is able to exploit this vulnerability to create a buffer overrun, it
may be possible for the user to supply machine-language program instructions
that will then be executed with the privileges of the user running the "sshd"
program, usually the super-user.
This vulnerability can be exploited by local and remote users.
The person exploiting the vulnerability does not need to have an account on
the machine running "sshd" to succeed.
III. Platform-Specific Threats
This vulnerability affects recent (and perhaps older) 1.2.x versions of the
"sshd" server.  The current 1.2.x version of the server is 1.2.26.
It is believed that the 2.0.x versions of the "sshd" server do not contain
this vulnerability.  The current 2.0.x version of the server is 2.0.9.
IV. Solutions
IBM-ERS has provided the information it has developed about this vulnerability
to SSH Communications Security, Ltd, and anticipates that a new versions of
SSH 1.2.x that fixes this vulnerability will be available soon.  When this new
version becomes available, IBM-ERS urges all sites to upgrade their SSH
servers to the new release as quickly as possible.
In the meantime, however, IBM-ERS and the IBM GSAL have developed the three
following specific actions that you can take to address this vulnerability.
Option 1: Operate the "sshd" program with the "-q" option turned on.  Note
          that this will disable the logging functions normally performed.
          This may be undesirable in some situations.
Option 2: If possible, upgrade to version 2.0.x of SSH.  This version supports
          a newer, more capable version of the SSH protocol and offers
          additional features.
Option 3: Follow the procedure below to patch the SSH 1.2.26 source code to
          address this vulnerability in a manner similar to the way the SSH
          2.0.x source code addresses it.  NOTE: This procedure should only be
          attempted by persons familiar with installing the SSH software from
          source code.
          1. Obtain the source code distributions for SSH 1.2.26 and SSH 2.0.9
             from ftp://ftp.cs.hut.fi/pub/ssh or Data Fellows, Ltd.  Be sure
             to observe all licensing requirements.
          2. Copy the following files
                lib/sshutil/snprintf.h
                lib/sshutil/snprintf.c
             from the SSH 2.0.9 directory to the SSH 1.2.26 directory (put
             them at the top level, do not reproduce the subdirectories).
          3. Edit "Makefile.in" in the SSH 1.2.26 directory and add the word
             "snprintf.o" to the "COMMON_OBJS" and "SCP_OBJS" definitions.
             Also add the word "snprintf.h" to the "HEADERS" definition.
          4. Edit the files "log-server.c," "packet.c," and "scp.c" in the SSH
             1.2.26 directory and do the following:
                a. Add the line
                        #include "snprintf.h"
                   near the top of each file with the rest of the "#include"
                   lines.
                b. Locate all occurrences of
                        vsprintf(buf, fmt, args);
                   in each file and replace them with
                        vsnprintf(buf, sizeof(buf), fmt, args);
                   There are six (6) occurrences in "log-server.c," two (2) in
                   "packet.c," and one (1) in "scp.c".
          5. Edit "snprintf.h" and change the line
                #include "sshincludes.h"
             to read
                #include "includes.h"
             Also delete the two occurrences of the word "DLLEXPORT."
          6. Edit "snprintf.c" and change the line
                #include "sshincludes.h"
             to read
                #include "includes.h"
             Also replace the one occurrence of "ssh_xmalloc" with "xmalloc",
             and the two occurrences of "ssh_xfree" with "xfree".
          7. Read the instructions in the "INSTALL" file in the SSH 1.2.26
             directory to build and install the modifications made above.
IBM-ERS and IBM GSAL have carefully examined the SSH 1.2.26 source code, and
tested these steps on a production "sshd" server.  No ill effects have been
observed.  However, because it is impossible to anticipate all possible
environments in which SSH is used, the following disclaimer applies to the
procedures above:
THESE PROCEDURES ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING,
WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTIBILITY OR FITNESS FOR A
PARTICULAR PURPOSE.  THIS ADVISORY DOES NOT CREATE OR IMPLY ANY SUPPORT
OBLIGATIONS OR ANY OTHER LIABILITY ON THE PART OF IBM OR ITS SUBSIDIARIES.
V. Acknowledgements
IBM-ERS would like to thank Alan and Art at the IBM Global Security Analysis
Laboratory for their work in identifying this problem.
SSH and Secure Shell are trademarks or registered trademarks of SSH
Communications Security Ltd.
===============================================================================
IBM's Internet Emergency Response Service (IBM-ERS) is a subscription-based
Internet security response service that includes computer security incident
response and management, regular electronic verification of your Internet
gateway(s), and security vulnerability alerts similar to this one that are
tailored to your specific computing environment.  By acting as an extension
of your own internal security staff, IBM-ERS's team of Internet security
experts helps you quickly detect and respond to attacks and exposures across
your Internet connection(s).
As a part of IBM's Business Recovery Services organization, the IBM Internet
Emergency Response Service is a component of IBM's SecureWay(tm) line of
security products and services.  From hardware to software to consulting,
SecureWay solutions can give you the assurance and expertise you need to
protect your valuable business resources.  To find out more about the IBM
Internet Emergency Response Service, send an electronic mail message to
ers-sales@vnet.ibm.com, or call 1-800-742-2493 (Prompt 4).
IBM-ERS maintains a site on the World Wide Web at http://www.ers.ibm.com/.
Visit the site for information about the service, copies of security alerts,
team contact information, and other items.
IBM-ERS uses Pretty Good Privacy* (PGP*) as the digital signature mechanism for
security vulnerability alerts and other distributed information.  The IBM-ERS
PGP* public key is available from http://www.ers.ibm.com/team-info/pgpkey.html.
"Pretty Good Privacy" and "PGP" are trademarks of Philip Zimmermann.
IBM-ERS is a Member Team of the Forum of Incident Response and Security Teams
(FIRST), a global organization established to foster cooperation and response
coordination among computer security teams worldwide.
Copyright 1998 International Business Machines Corporation.
The information in this document is provided as a service to customers of
the IBM Emergency Response Service.  Neither International Business Machines
Corporation, nor any of its employees, makes any warranty, express or implied,
or assumes any legal liability or responsibility for the accuracy, complete-
ness, or usefulness of any information, apparatus, product, or process
contained herein, or represents that its use would not infringe any privately
owned rights.  Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by IBM or its subsidiaries.  The views and opinions of authors expressed
herein do not necessarily state or reflect those of IBM or its subsidiaries,
and may not be used for advertising or product endorsement purposes.
The material in this security alert may be reproduced and distributed,
without permission, in whole or in part, by other security incident response
teams (both commercial and non-commercial), provided the above copyright is
kept intact and due credit is given to IBM-ERS.
This security alert may be reproduced and distributed, without permission,
in its entirety only, by any person provided such reproduction and/or
distribution is performed for non-commercial purposes and with the intent of
increasing the awareness of the Internet community.
---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE---
--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--