SSH3 account password lengths < 3 characters could allow unauthorized access

ssh-password-length-unauth-access (6868)

High Risk

Description:

SSH (Secure Shell) could allow a remote attacker to gain unauthorized access to accounts that have password lengths of less than 3 characters. A vulnerability in the authentication mechanism in the ssh3 daemon could allow a remote attacker to enter any password to gain access to one of the affected accounts. An attacker can use this vulnerability to gain root privileges on the system.

Platforms Affected:

• SSH, Secure Shell 3.0.0

Remedy:

Upgrade to the latest version of SSH (3.0.1 or later), as listed in the SSH Secure Shell 3.0.0 Security Advisory. See References.

Consequences:

Gain Privileges

References:

• BugTraq Mailing List, Fri Jul 20 2001 - 19:34:02 CDT, URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 at http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html.
• BugTraq Mailing List, Fri Jul 20 2001 - 21:11:02 CDT, Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 at http://archives.neohapsis.com/archives/bugtraq/2001-07/0488.html.
• BugTraq Mailing List, Mon Jul 23 2001 - 11:03:10 CDT, Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 at http://archives.neohapsis.com/archives/bugtraq/2001-07/0514.html.
• BugTraq Mailing List, Mon Jul 23 2001 - 11:31:06 CDT, Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 at http://archives.neohapsis.com/archives/bugtraq/2001-07/0513.html.
• BugTraq Mailing List, Sat Jul 21 2001 - 03:47:53 CDT, Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 at http://archives.neohapsis.com/archives/bugtraq/2001-07/0493.html.
• BugTraq Mailing List, Sat Jul 21 2001 - 17:48:58 CDT, Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 at http://archives.neohapsis.com/archives/bugtraq/2001-07/0494.html.
• CIAC Information Bulletin L-121, SSH Secure Shell Remote Root Exploit Vulnerability at http://www.ciac.org/ciac/bulletins/l-121.shtml.
• Internet Security Systems Security Alert #88, SSH Secure Shell Authentication Bypass Vulnerability at http://www.iss.net/xforce/alerts/id/advise88.
• SSH Secure Shell 3.0.0 Security Advisory, Secure Shell Potential Remote Root Exploit at http://www.ssh.com/products/ssh/exploit.cfm.
• BID-3078: SSH Short Password Login Vulnerability
• CVE-2001-0553: SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use NP in the password field.
• OSVDB ID: 586: SSH Two Character Password Open Access
• US-CERT VU#737451: SSH Secure Shell sshd2 does not adequately authenticate logins to accounts with encrypted password fields containing two or fewer characters

Reported:

Jul 20, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page