Cisco releases updates for SSH vulnerabilities in three different product lines
Cisco has released updates for a host of SSH flaws in three different product lines that are susceptible to multiple vulnerabilities in the Secure Shell (SSH) protocol. These issues are inherent to the SSH protocol version 1.5, which is implemented in several Cisco product lines. By exploiting the SSH protocol weakness, someone could insert an arbitrary command into an established SSH session and collect information that could help in a brute force key recovery, or in attacking with brute force a session key. A copy of the CISCO notice and update links are attached....
Cisco Security Advisory: Multiple SSH Vulnerabilities
Revision 1.0
For Public Release 2001 June 27 08:00 (UTC -0800)
Summary
Three different Cisco product lines are susceptible to multiple vulnerabilities in the
Secure Shell (SSH) protocol. These issues are inherent to the SSH protocol version 1.5,
which is implemented in several Cisco product lines.
By exploiting the weakness in the SSH protocol, it is possible to insert arbitrary
commands into an established SSH session, collect information that may help in brute force
key recovery, or brute force a session key.
Affected product lines are:
- All devices running Cisco® IOS software supporting SSH. This includes routers and
switches running Cisco IOS software. - Catalyst 6000 switches running CatOS.
- Cisco PIX Firewall.
No other Cisco products are vulnerable.
It is possible to mitigate this vulnerability by preventing, or having control over,
the interception of SSH traffic.This advisory will be posted at http://www.cisco.com/warp/public/707/SSH-multiple-pub.html.
Affected Products
The following table depicts the affected products categories.
Product Category
CRC-32 check
Traffic analysis
Key recoveryIOS
Vulnerable
CSCdt96253
Vulnerable
CSCdt57231
Vulnerable
CSCdu37371PIX
Vulnerable
CSCdt73353
Not vulnerable
Not vulnerableVPN3000
Not vulnerable
Not vulnerable
Not vulnerableCatalyst 6000
Vulnerable
CSCdt72996
Vulnerable
CSCdt55357
Not vulnerablePer product category, the following software releases are vulnerable:
IOS
All 12.0 and later releases that include support for SSH.PIX
5.2(5) and 5.3.(1)CatOS
6.2(0.110)VPN3000
Not vulnerableAn implementation of SSH in multiple Cisco products are vulnerable to three different
vulnerabilities. These vulnerabilities are:- CRC-32 integrity check vulnerability
- This vulnerability has been described in a CORE SDI S.A. paper entitled "An attack
on CRC-32 integrity checks of encrypted channels using CBC and CFB modes", which can
be found at http://www.core-sdi.com/soft/ssh/ssh.pdf.In order for this attack to succeed, an attacker must possess one or two known
chipertext/plaintext pairs. This should not be difficult since every session starts with a
greeting screen which is fixed and which can be determined. This also implies that an
attacker must be somewhere along the session path in order to be able to sniff the session
and collect corresponding chipertext.For further technical details, see http://www.core-sdi.com/soft/ssh/ssh.pdf.
- Traffic analysis
- This issue has been described in an analysis made by Solar Designer. It can be found at http://www.securityfocus.com/archive/1/169840,
and is entitled "Passive Analysis of SSH (Secure Shell) Traffic".To exploit
this vulnerability, an attacker must be able to capture packets. When sending a packet
using the SSH protocol, it is padded to the next 8-byte boundary, but the exact length of
the data (without the padding) is sent unencrypted.The timing between packets may yield additional information, such as the relative
position of a letter on the keyboard, but that depends on overall jitter in the network
and the typing habits of the person.For additional information, please see http://www.securityfocus.com/archive/1/169840.
- Key recovery in SSH protocol 1.5
- This has been discovered by CORE SDI S.A. and the paper describing it can be viewed at http://www.securityfocus.com/archive/1/161150.
The subject line is "SSH protocol 1.5 session key recovery vulnerability".In
order to exploit this vulnerability, an attacker must be able to sniff the SSH session and
be able to establish a connection to the SSH server. In order to recover the server key,
an attacker must perform an additional 2^20+2^19=1572864 connections. Since the key has a
lifespan of about an hour, this means that an attacker must perform around 400 connections
per second.For further details, please see http://www.securityfocus.com/archive/1/161150.
Impact
- CRC-32 integrity check vulnerability
- By exploiting this protocol weakness, the attacker can insert arbitrary commands in the
session after the session has been established.
- Traffic analysis
- This vulnerability exposes the exact lengths of the passwords used for login
authentication. This is only applicable to an interactive session that is being
established over the tunnel protected by SSH. This can significantly help an attacker in
guessing the password using the brute force attack.
- Key recovery in SSH protocol 1.5
- This vulnerability may lead to the compromise of the session key. Once the session key
is determined, the attacker can proceed to decrypt the stored session using any
implementation of the crypto algorithm used. This will reveal all information in an
unencrypted form.
The following software releases contain fixes for all vulnerabilities.
For Catalyst 6000 switches, all vulnerabilities are fixed in the following CatOS
releases.CatOS
6.1(2.13), 6.2(0.111) and 6.3(0.7)PANEach row of the table describes a release train and the platforms or products for which
it is intended. If a given release train is vulnerable, then the earliest possible
releases that contain the fix and the anticipated date of availability for each are listed
in the "Rebuild", "Interim", and "Maintenance" columns. A
device running any release in the given train that is earlier than the release in a
specific column (less than the earliest fixed release) is known to be vulnerable, and it
should be upgraded at least to the indicated release or a later version (greater than the
earliest fixed release label).When selecting a release, keep in mind the following definitions:
- Maintenance
- Most heavily tested and highly recommended release of any label in a given row of the
table. - Rebuild
- Constructed from the previous maintenance or major release in the same train, it
contains the fix for a specific defect. Although it receives less testing, it contains
only the minimal changes necessary to effect the repair. - Interim
- Built at regular intervals between maintenance releases and receives less testing.
Interims should be selected only if there is no other suitable release that addresses the
vulnerability, and interim images should be upgraded to the next available maintenance
release as soon as possible. Interim releases are not available through manufacturing, and
usually they are not available for customer download from CCO without prior arrangement
with the Cisco TAC.
In all cases, customers should exercise caution to be certain the devices to be
upgraded contain sufficient memory and that current hardware and software configurations
will continue to be supported properly by the new release. If the information is not
clear, contact the Cisco TAC for assistance as shown in the following section.More information on Cisco IOS software release names and abbreviations is available at http://www.cisco.com/warp/public/620/1.html.
For PIX Firewall software, use the following table to determine affected and fixed
software releases.Train
Description of Image or Platform
Availability of Fixed Releases*5.x-based Releases
Rebuild
Interim**
Maintenance5.2
Early Deployment (ED) for all platforms5.2(5)203
Available through TAC
5.2.(6)
Available in August5.3
Early Deployment (ED) for all platforms5.3(1)202
Available through TAC
5.3.(1)
Available in August6.x-based Releases
Rebuild
Interim**
Maintenance6.0
Early Deployment (ED) for all platforms6.0(1)
AvailableFor Cisco IOS software, use the following table to determine affected and fixed
software releases.Train
Description of Image or Platform
Availability of Fixed Releases*12.0-based Releases
Rebuild
Interim**
Maintenance12.0S
Core/ISP support: GSR, RSP, c7200
12.0(18)S
2001-July12.1-based Releases
Rebuild
Interim**
Maintenance12.1
General deployment release for all platforms
SSH not supported12.1AA
Dial support
SSH not supported12.1CX
Core/ISP support: GSR, RSP, c7200
SSH not supported12.1DA
xDSL support: 6100, 6200
SSH not supported12.1DB
Cisco IOS Software Release 12.1(1)DB supports Cisco?s 6400 Universal Access
Concentrator12.1DC
Cisco IOS Software Release 12.1(1)DC supports Cisco?s 6400 Universal Access
Concentrator12.1E
Core/ISP support: GSR, RSP, c720012.1(8a)E
2001-Jul-0912.1EC
12.1EC is being offered to allow early support of new features on the uBR7200
platform, as well as future support for new Universal Broadband Router headend platforms.12.1(6.5)EC3
12.1EX
Catalyst 6000 support12.1(8a)E
2001-Jul-0912.1EY
Cat8510c, Cat8510m, Cat8540c, Cat8540m, LS101012.1(6)EY
12.1EZ
Early Deployment (ED): special image
12.1(6)EZ212.1T
Early Deployment(ED): VPN, Distributed Director, various platforms
Not ScheduledUpgrade recommended to 12.2(1b)
12.1XA
Early Deployment (ED): limited platforms12.1XB
Early Deployment (ED): limited platforms12.1XC
Early Deployment (ED): limited platforms12.1XD
Early Deployment (ED): limited platforms
Not ScheduledUpgrade recommended to 12.2(1b)
12.1XE
Early Deployment (ED): limited platforms12.1XF
Early Deployment (ED): 811 and 813 (c800 images)
12.1(2)XF4
2001-July-0912.1XG
Early Deployment (ED): 800, 805, 820, and 1600
12.1(5)XG5
2001-July-0912.1XH
Early Deployment (ED): limited platforms
Not ScheduledUpgrade recommended to 12.2(1b)
12.1XI
Early Deployment (ED): limited platforms
Not ScheduledUpgrade recommended to 12.2(1b)
12.1XJ
Early Deployment (ED): limited platforms
Not ScheduledUpgrade recommended to 12.1(5)YB4
12.1XK
Early Deployment (ED): limited platforms
SSH not supported12.1XL
Early Deployment (ED): limited platforms
Not ScheduledUpgrade recommended to 12.2(1b)
12.1XM
Short-lived early deployment release
12.1(4)XM4
2001-June-2712.1XP
Early Deployment (ED): 1700 and SOHO
12.1(3)XP412.1XQ
Short-lived early deployment release
Not ScheduledUpgrade recommended to 12.2(1b)
12.1XR
Short-lived early deployment release
12.1(5)XR212.1XS
Short-lived early deployment release12.1XT
Early Deployment (ED): 1700 series
12.1(3)XT312.1XU
Early Deployment (ED): limited platforms
12.1(5)XU112.1XV
Short-lived early deployment release
12.1(5)XV3
2001-July12.1XW
Short-lived early deployment release
SSH not supported12.1XX
Short-lived early deployment release
SSH not supported12.1XY
Short-lived early deployment release
12.1(5)XY6
2001-July12.1XZ
Short-lived early deployment release
SSH not supported12.1YA
Short-lived early deployment release12.1YB
Short-lived early deployment release
12.1(5)YB412.1YC
Short-lived early deployment release
12.1(5)YC112.1YD
Short-lived early deployment release
12.1(5)YD2
2001-June-2512.1YF
Short-lived early deployment release
12.1(5)YF212.2-based Releases
Rebuild
Interim**
Maintenance12.2
General deployment release for all platforms
12.2(1b)
12.2(1.1)
12.2(3)
2001-August12.2T
General deployment release for all platforms12.2(2.2)T
12.2XA
SPLOB12.2(2)XA
2001-July-0212.2XD
Short-lived early deployment release
12.2(1)XD112.2XE
Short-lived early deployment release12.2(1)XE
12.2XH
Short-lived early deployment release12.2(1)XH
2001-June-2512.2XQ
Short-lived early deployment release12.2(1)XQ
2001-June-23Notes
* All dates are estimates and subject to change.
** Interim releases
are subjected to less rigorous testing than regular maintenance releases, and may have
serious bugs.Obtaining Fixed Software
Customers with contracts should obtain upgraded software through their regular update
channels. For most customers, this means that upgrades should be obtained through the
Software Center on Cisco's Worldwide Web site at http://www.cisco.com.Customers whose Cisco products are provided or maintained through prior or existing
agreement with third-party support organizations such as Cisco Partners, authorized
resellers, or service providers should contact that support organization for assistance
with the upgrade, which should be free of charge.Customers who purchase directly from Cisco but who do not hold a Cisco service
contract, and customers who purchase through third party vendors but are unsuccessful at
obtaining fixed software through their point of sale should get their upgrades by
contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows:- +1 800 553 2447 (toll-free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- e-mail: tac@cisco.com
Please have your product serial number available and give the URL of this advisory as
evidence of your entitlement to a free upgrade. Free upgrades for non-contract customers
must be requested through the TAC.Workarounds
There are no workarounds for these vulnerabilities.
Exploitation and Public Announcements
All three vulnerabilities are publicly known. Please see the Details
section for the original announcements.The Cisco PSIRT is not aware of malicious use of the vulnerabilities described in this
advisory.This is a final security advisory. Cisco anticipates issuing updated versions of this
notice at irregular intervals as there are material changes in the facts, and will
continue to update this notice as necessary. The reader is warned that this notice may
contain inaccurate or incomplete information. Although Cisco cannot guarantee the accuracy
of all statements in this notice, all of the facts have been checked to the best of our
ability. Cisco anticipates issuing monthly updates of this notice until it reaches FINAL
status.A standalone copy or paraphrase of the text of this security advisory that omits the
distribution URL in the following section is an uncontrolled copy, and may lack important
information or contain factual errors.This notice will be posted on Cisco's Worldwide Web site at http://www.cisco.com/warp/public/707/SSH-multiple-pub.html.
In addition to Worldwide Web posting, a text version of this notice is clear-signed with
the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients:- cust-security-announce@cisco.com
- bugtraq@securityfocus.com
- first-teams@first.org (includes CERT/CC)
- cisco@spot.colorado.edu
- comp.dcom.sys.cisco
- firewalls@lists.gnac.com
- Various internal Cisco mailing lists
Future updates of this notice, if any, will be placed on Cisco's Worldwide Web server,
but may or may not be actively announced on mailing lists or newsgroups. Users concerned
about this problem are encouraged to check the URL given above for any updates.Revision 1.0
2001-June-27 08:00 UTC -0800
Initial public releaseComplete information on reporting security vulnerabilities in Cisco products, obtaining
assistance with security incidents, and registering to receive security information from
Cisco, is available on Cisco's Worldwide Web site at http://www.cisco.com/warp/public/707/sec_incident_response.shtml.
This includes instructions for press inquiries regarding Cisco security notices.This notice is Copyright 2000 by Cisco Systems, Inc. This notice may be redistributed
freely after the release date given at the top of the text, provided that redistributed
copies are complete and unmodified, and include all date and version information.