-----BEGIN PGP SIGNED MESSAGE-----
Security Advisory: Multiple SSH vulnerabilities
Revision 1.0 - INTERIM
For public release 2001 June 27 08:00 (UTC -0800)
_________________________________________________________________
Summary
Three different Cisco product lines are susceptible to multiple
vulnerabilities in the Secure Shell (SSH) protocol. These issues are
inherent to the SSH protocol version 1.5, which is implemented in
several Cisco product lines.
By exploiting the weakness in the SSH protocol, it is possible to
insert an arbitrary commands into an established SSH session, collect
information that may help in brute force key recovery, or brute force
a session key.
Affected product lines are:
All devices running Cisco IOS software supporting SSH. That includes
routers and switches running Cisco IOS.
Catalyst 6000 switches running CatOS.
Cisco PIX Firewall.
No other Cisco products are vulnerable.
It is possible to mitigate this vulnerability by preventing, or
having a control over, interception of SSH traffic.
This advisory will be available at
http://www.cisco.com/warp/public/707/SSH-multiple-pub.html
Affected Products
The following table depicts the affected products categories.
+---------------+-----------------+-------------------+----------------+
| | CRC-32 check | Traffic analysis | Key recovery |
+---------------+-----------------+-------------------+----------------+
|IOS | Vulnerable | Vulnerable | Vulnerable |
| | CSCdt96253 | CSCdt57231 | CSCdu37371 |
+---------------+-----------------+-------------------+----------------+
|PIX | Vulnerable | Not vulnerable | Not vulnerable |
| | CSCdt73353 | | |
+---------------+-----------------+-------------------+----------------+
|VPN3000 | Not vulnerable | Not vulnerable | Not vulnerable |
+---------------+-----------------+-------------------+----------------+
|Catalyst 6000 | Vulnerable | Vulnerable | Not vulnerable |
| | CSCdt72996 | CSCdt55357 | |
+---------------+-----------------+-------------------+----------------+
Per product category, the following software releases are
vulnerable:
+--------+---------------------------------------------------------------+
|IOS | All 12.0, and upwards, releases that conatins support for SSH.|
+--------+---------------------------------------------------------------+
|PIX | 5.2(5) and 5.3.(1) |
+--------+---------------------------------------------------------------+
|CatOS | 6.2(0.110) |
+--------+---------------------------------------------------------------+
|VPN3000 | Not vulnerable |
+--------+---------------------------------------------------------------+
Details
An implementation of SSH in multiple Cisco products are
vulnerable to three different vulnerabilities. These
vulnerabilities are:
CRC-32 integrity check vulnerability
This vulnerability has been described in a CORE SDI S.A.
paper entitled "An attack on CRC-32 integrity checks of
encrypted channels using CBC and CFB modes", which can be
found at http://www.core-sdi.com/soft/ssh/ssh.pdf
In order for this attack to succeed, an attacker must
possess one or two known chipertext/plaintext pairs. This
should not be difficult since every session starts with a
greeting screen which is fixed and which can be
determined. This also implies that an attacker must be
somewhere along the session path in order to be able to
sniff the session and collect corresponding chipertext.
For further technical details, see
http://www.core-sdi.com/soft/ssh/ssh.pdf.
Traffic analysis
This issue has been described in an analysis made by
Solar Designer. It can be found at
http://www.securityfocus.com/archive/1/169840, and is
entitled "Passive Analysis of SSH (Secure Shell)
Traffic".
To exploit this vulnerability, an attacker must be able
to capture packets. When sending a packet using the SSH
protocol, it is padded to the next 8-byte boundary, but
the exact len of the data (without the padding) is sent
unencrypted.
The timing between packets may yield additional
information, such as the relative position of a letter on
the keyboard, but that depends on overall jitter in the
network and the typing habits of the person.
For additional information, please see
http://www.securityfocus.com/archive/1/169840.
Key recovery in SSH protocol 1.5
This has been discovered by CORE SDI S.A. and the paper
describing it can be viewed at
http://www.securityfocus.com/archive/1/161150. The
subject line is "SSH protocol 1.5 session key recovery
vulnerability".
In order to exploit this vulnerability, an attacker must
be able to sniff the SSH session and must be able to
establish a connection to the SSH server. In order to
recover the server key, an attcker must perform an
additional 2^20+2^19=1572864 connections. Since the key
has a lifespan of about an hour, this means that an
attacker must perform around 400 connections per second.
For further details, please conslut
http://www.securityfocus.com/archive/1/161150.
Impact
CRC-32 integrity check vulnerability
By exploiting this protocol weakness, the attacker can
insert arbitrary commands in the session after the
session has been established.
Traffic analysis
This vulnerability exposes the exact lengths of the
passwords used for login authentication. This is only
applicable to an interactive session that is being
established over the tunnel protected by SSH. This can
significantly help an attacker in guessing the password
using the brute force attack.
Key recovery in SSH protocol 1.5
This vulnerability may lead to the compromise of the
session key. Once the session key is determined, the
attacker can proceed to decrypt the stored session using
any implementation of the crypto algorithm used. This
will reveal all information in an unencrypted form.
Software Versions and Fixes
Following software releases contains fixes for all
vulnerabilities.
For Catalyst 6000 switches all vulnerabilities are fixed in the
following CatOS releases.
+---------+--------------------------------------------------------------+
| CatOS | 6.1(2.13), 6.2(0.111) and 6.3(0.7)PAN |
+---------+--------------------------------------------------------------+
Each row of the table describes a release train and the
platforms or products for which it is intended. If a given
release train is vulnerable, then the earliest possible
releases that contain the fix and the anticipated date of
availability for each are listed in the "Rebuild", "Interim",
and "Maintenance" columns. A device running any release in the
given train that is earlier than the release in a specific
column (less than the earliest fixed release) is known to be
vulnerable, and it should be upgraded at least to the indicated
release or a later version (greater than the earliest fixed
release label).
When selecting a release, keep in mind the following
definitions:
Maintenance
Most heavily tested and highly recommended release
of any label in a given row of the table.
Rebuild
Constructed from the previous maintenance or major
release in the same train, it contains the fix for
a specific defect. Although it receives less
testing, it contains only the minimal changes
necessary to effect the repair.
Interim
Built at regular intervals between maintenance
releases and receive less testing. Interims should
be selected only if there is no other suitable
release that addresses the vulnerability, and
interim images should be upgraded to the next
available maintenance release as soon as possible.
Interim releases are not available via
manufacturing, and usually they are not available
for customer download from CCO without prior
arrangement with the Cisco TAC.
In all cases, customers should exercise caution to be certain
the devices to be upgraded contain sufficient memory and that
current hardware and software configurations will continue to
be supported properly by the new release. If the information is
not clear, contact the Cisco TAC for assistance as shown in the
following section.
More information on IOS release names and abbreviations is
available at http://www.cisco.com/warp/public/620/1.html.
For PIX Firewall software, use the following table to determine
affected and fixed software releases.
+------+----------------------+--------------------------------------------+
|Train |Description of Image | Availability of Fixed Releases* |
| | or Platform | |
+------+----------------------+-------------------------+------------------+
| 5.x-based Releases |Rebuild Interim** | Maintenance |
+-----+-----------------------+---------+---------------+------------------+
| | | | 5.2(5)203 | 5.2.(6) |
| 5.2 | Early Deployment (ED) | |Available | Available in |
| | for all platforms | |through TAC | August |
+-----+-----------------------+---------+---------------+------------------+
| | | |5.3(1)202 | 5.3.(1) |
| 5.3 | Early Deployment (ED) | |Available | Available in |
| | for all platforms | |through TAC | August |
+-----+-----------------------+---------+---------------+------------------+
| 6.x-based Releases Rebuild | Interim** | Maintenance |
+-----+-----------------------+---------+---------------+------------------+
| 6.0 | Early Deployment (ED) | | | 6.0(1) |
| | for all platforms | | | Available |
+-----+-----------------------+---------+---------------+------------------+
For Cisco IOS, use the following table to determine affected
and fixed software releases.
+---------------+----------------+-----------------------------------------+
| | Description of | |
| Train | Image or | Availability of Fixed Releases* |
| | Platform | |
+---------------+----------------+-------------+------------+--------------+
| 12.0-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |General | | | |
| 12.10S |deployment | | |12.0(18)S |
| |release for all | | |2001-July |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.1-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |General | |
| 12.1 |deployment | SSH not supported |
| |release for all | |
| |platforms | |
+---------------+----------------+-----------------------------------------+
| 12.1AA |Dial support | SSH not supported |
+---------------+----------------+-----------------------------------------+
| |Core/ISP | |
| 12.1CX |support: GSR, | SSH not supported |
| |RSP, c7200 | |
+---------------+----------------+-----------------------------------------+
| 12.1DA |xDSL support: | SSH not supported |
| |6100, 6200 | |
+---------------+----------------+-------------+------------+--------------+
| |Cisco IOS | | | |
| |Software Release| | | |
| |12.1(1)DB | | | |
| 12.1DB |supports Cisco's| | | |
| |6400 Universal | | | |
| |Access | | | |
| |Concentrator | | | |
+---------------+----------------+-------------+------------+--------------+
| |Cisco IOS | | | |
| |Software Release| | | |
| |12.1(1)DC | | | |
| 12.1DC |supports Cisco's| | | |
| |6400 Universal | | | |
| |Access | | | |
| |Concentrator | | | |
+---------------+----------------+-------------+------------+--------------+
| |Core/ISP | | | |
| 12.1E |support: GSR, | | |12.1(8a)E |
| |RSP, c7200 | | |2001-Jul-09 |
+---------------+----------------+-------------+------------+--------------+
| |12.1EC is being | | | |
| |offered to allow| | | |
| |early support of| | | |
| |new features on | | | |
| |the uBR7200 | | | |
| 12.1EC |platform, as | |12.1(6.5)EC3| |
| |well as future | | | |
| |support for new | | | |
| |Universal | | | |
| |Broadband Router| | | |
| |headend | | | |
| |platforms. | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.1EX |Catalyst 6000 | | |12.1(8a)E |
| |support | | |2001-Jul-09 |
+---------------+----------------+-------------+------------+--------------+
| |Cat8510c, | | | |
| 12.1EY |Cat8510m, | | |12.1(6)EY |
| |Cat8540c, | | | |
| |Cat8540m, LS1010| | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1EZ |(ED): special |12.1(6)EZ1 | | |
| |image | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early | |
| |Deployment(ED): |Not Scheduled |
| 12.1T |VPN, Distributed| |
| |Director, +-----------------------------------------+
| |various |Upgrade recommended to 12.2(1b) |
| |platforms | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XA |(ED): limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XB |(ED): limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XC |(ED): limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment|Not Scheduled |
| 12.1XD |(ED): limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XE |(ED): limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XF |(ED): 811 and |12.1(2)XF4 | | |
| |813 (c800 |2001-July-09 | | |
| |images) | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XG |(ED): 800, 805, |12.1(5)XG5 | | |
| |820, and 1600 |2001-July-09 | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment|Not Scheduled |
| 12.1XH |(ED): limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.1XI |(ED): limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.1XJ |(ED): limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(5)YB4 |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| |
| 12.1XK |(ED): limited | SSH not supported |
| |platforms | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment|Not Scheduled |
| 12.1XL |(ED): limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XM |early deployment|12.1(4)XM4 | | |
| |release |2001-June-27 | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XP |(ED): 1700 and |12.1(3)XP4 | | |
| |SOHO | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived |Not Scheduled |
| 12.1XQ |early deployment+-----------------------------------------+
| |release |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XR |early deployment|12.1(5)XR2 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XS |early deployment| | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XT |(ED): 1700 |12.1(3)XT3 | | |
| |series | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XU |(ED): limited |12.1(5)XU1 | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XV |early deployment|12.1(5)XV3 | | |
| |release |2001-July | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | |
| 12.1XW |early deployment| SSH not supported |
| |release | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | |
| 12.1XX |early deployment| SSH not supported |
| |release | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XY |early deployment|12.1(5)XY6 | | |
| |release |2001-July | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | |
| 12.1XZ |early deployment| SSH not supported |
| |release | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YA |early deployment| | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YB |early deployment|12.1(5)YB4 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YC |early deployment|12.1(5)YC1 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YD |early deployment|12.1(5)YD2 | | |
| |release |2001-June-25 | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YF |early deployment|12.1(5)YF2 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.2-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |General | | | |
| 12.2 |deployment |12.2(1b) |12.2(1.1) |12.2(3) |
| |release for all | | |2001-August |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |General | | | |
| 12.2T |deployment | |12.2(2.2)T | |
| |release for all | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.2XA |SPLOB | | |12.2(2)XA |
| | | | |2001-July-02 |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XD |early deployment|12.2(1)XD1 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XE |early deployment| | |12.2(1)XE |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XH |early deployment| | |12.2(1)XH |
| |release | | |2001-June-25 |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XQ |early deployment| | |12.2(1)XQ |
| |release | | |2001-June-23 |
+---------------+----------------+-------------+------------+--------------+
| Notes |
+--------------------------------------------------------------------------+
| * All dates are estimated and subject to change. |
| |
| ** Interim releases are subjected to less rigorous testing than regular |
| maintenance releases, and may have serious bugs. |
+--------------------------------------------------------------------------+
Obtaining Fixed Software
Customers with contracts should obtain upgraded software
through their regular update channels. For most customers, this
means that upgrades should be obtained through the Software
Center on Cisco's Worldwide Web site at
http://www.cisco.com.
Customers whose Cisco products are provided or maintained
through prior or existing agreement with third-party support
organizations such as Cisco Partners, authorized resellers, or
service providers should contact that support organization for
assistance with the upgrade, which should be free of charge.
Customers who purchase directly from Cisco but who do not hold
a Cisco service contract and customers who purchase through
third party vendors but are unsuccessful at obtaining fixed
software through their point of sale should get their upgrades
by contacting the Cisco Technical Assistance Center (TAC). TAC
contacts are as follows:
+ +1 800 553 2447 (toll-free from within North America)
+ +1 408 526 7209 (toll call from anywhere in the world)
+ e-mail: tac@cisco.com
Please have your product serial number available and give the
URL of this notice as evidence of your entitlement to a
free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Workarounds
There are no workarounds for these vulnerabilities.
Exploitation and Public Announcements
All three vulnerabilities are publicly known. Please see the
Details section for the original announcements.
The Cisco PSIRT is not aware of malicious use of the
vulnerabilities described in this advisory.
Status of This Notice: INTERIM
This is an interim security advisory. Cisco anticipates issuing
updated versions of this notice at irregular intervals as there
are material changes in the facts, and will continue to update
this notice as necessary. The reader is warned that this notice
may contain inaccurate or incomplete information. Although
Cisco cannot guarantee the accuracy of all statements in this
notice, all of the facts have been checked to the best of our
ability. Cisco anticipates issuing monthly updates of this
notice until it reaches FINAL status.
A standalone copy or paraphrase of the text of this security
advisory that omits the distribution URL in the following
section is an uncontrolled copy, and may lack important
information or contain factual errors.
Distribution
This notice will be posted on Cisco's Worldwide Web site at
http://www.cisco.com/warp/public/707/SSH-multiple-pub.html.
In addition to Worldwide Web posting, a text version of this
notice is clear-signed with the Cisco PSIRT PGP key and is
posted to the following e-mail and Usenet news recipients:
+ cust-security-announce@cisco.com
+ bugtraq@securityfocus.com
+ first-teams@first.org (includes CERT/CC)
+ cisco@spot.colorado.edu
+ comp.dcom.sys.cisco
+ firewalls@lists.gnac.com
+ Various internal Cisco mailing lists
Future updates of this notice, if any, will be placed on
Cisco's Worldwide Web server, but may or may not be actively
announced on mailing lists or newsgroups. Users concerned about
this problem are encouraged to check the URL given above for
any updates.
Revision History
Revision 1.0 2001-June-27 08:00 UTC -0800 Initial public release
Cisco Security Procedures
Complete information on reporting security vulnerabilities in
Cisco products, obtaining assistance with security incidents,
and registering to receive security information from Cisco, is
available on Cisco's Worldwide Web site at
http://www.cisco.com/warp/public/707/sec_incident_response.
shtml. This includes instructions for press inquiries regarding
Cisco security notices.
For a list of all advisories please visit
http://www.cisc.com/warp/public/707/advisory.html page.
__________________________________________________________
This notice is Copyright 2000 by Cisco Systems, Inc. This
notice may be redistributed freely after the release date given
at the top of the text, provided that redistributed copies are
complete and unmodified, and include all date and version
information.
__________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQEVAwUBOzn6T2iN3BRdFxkbAQHfnggAjJxdGNJpV38nVrVdfKl6QWLbtiJGHB4i
wi3fzNqBV3zOaPwu1VERhq5tco2S/r+WhtOZEq1vEiLjc4ck9sBn6hYH2WqBxJFY
98BZa0qNlzGIESiZdBJXkf6/C0gVnpZ+z2Feox0gnX+Xlow6ENxsCOX92zVXNpp4
DTLNxv2n6sH8RhnthQ1HXTFTck+/IpILKikEUwK4/W2mINc8GmAr0JHH+Fr9UJAR
jzCc8en7Q4y7OYMfUyIOPE6udO9VvG2+J7xpkDRsynFR9HJwibt50yudh23VtdKm
/EyDeB7WPLoZMch3GMK614PrYbq4Wp+hdo+KgJcSB1TH2+J3OJYtzA==
=gpvY
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:43 EDT