ISS X-Force Database: ssh-insert(1126): SSH can accept inserted data in encrypted sessions

SSH can accept inserted data in encrypted sessions

ssh-insert (1126)

High Risk

Description:

A vulnerability in SSH (Secure Shell) and F-Secure could allow a remote attacker to insert data into an encrypted session. A remote attacker could use this vulnerability to execute arbitrary commands on the SSH server or through an encrypted SSH session, and possibly obtain information to perform further attacks.

Consequences:

Gain Access

Remedy:

For SSH 1.2.23 and earlier:
Upgrade to the latest version of SSH (1.2.25 or later), as listed in CORE SDI S.A. Security Advisory. See References.

For F-Secure SSH 1.3.4 and earlier:
Upgrade to the latest version of F-Secure SSH (1.3.5 or later), as listed in CORE SDI S.A. Security Advisory. See References.

References:

BugTraq Mailing List, Fri, 3 Jul 1998 20:09:35 -0300: UPDATE: SSH insertion attack.
CERT Advisory CA-2001-35: Recent Activity Against Secure Shell Daemons.
Cisco Systems Inc. Security Advisory, 2001 June 27 08:00 (UTC -0800): Multiple SSH Vulnerabilities.
CORE SDI S.A. Security Advisory: SSH Insertion Attack.
F-Secure Web site: SSH.
SSH Communications Security Web site: Download.
CVE-1999-1085: SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the SSH insertion attack.
US-CERT VU#13877: Weak CRC allows packet injection into SSH sessions encrypted with block ciphers

Platforms Affected:

F-Secure SSH 1.3.4 and prior
SSH SSH 1.2.23
SSH SSH 1.2.25

Reported:

Jun 11, 1998

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page