Flaw gives hackers key to Unix computers

posted onJuly 24, 2001
by hitbsecnews

A flaw in widely used Unix software could allow attackers to gain control over computers running
Solaris, HP-UX and several versions of Linux, security analysts and the company selling the
software warned Monday.

SSH Communications Security, a Finnish company, reported Monday that the latest edition of its SSH Secure
Shell software, version 3.0.0, released June 21, can let an attacker gain control over some Unix or Linux
computers.

SSH is software designed to
secure the text-based user
interface--or "shell"--people
use to remotely log in to
computers and send them
commands. SSH checks
people's passwords and lets
authorized individuals open
and use the shell by way of an
encrypted communications
channel. The encryption
prevents outsiders from
intercepting the commands
sent from computer to
computer.

As a result of the vulnerability,
though, SSH lets anyone
remotely log in to an account
that uses a two-character
password by simply leaving
the password field blank and
hitting Enter. A two-character
password is not likely for most
active users' accounts, but it's common for several administrative accounts for functions such as controlling
printers or for accounts that the system administrator has locked to temporarily disable access, said Dan
Ingevaldson, leader of Internet Security Systems' X-Force research and development team.

"In certain cases, users could log in to accounts with any password," said Al David, senior director for technical
services at SSH. That initial access then could serve as a launching point for a second attack that could give the
attacker complete control over the system.

SSH released a patch, version 3.0.1, which can be downloaded from the company's FTP site.

The security hole is a strong risk, Ingevaldson said, though it's ameliorated by the fact that SSH doesn't ship by
default with any of the vulnerable operating systems.

"It's a pretty big bug. Secure Shell is a trusted" software tool in very widespread use--though not necessarily
SSH's version. "I'm quite positive there are scripting utilities being written or used right now" to scan for the
vulnerability and take advantage of it, Ingevaldson said.

Security vulnerabilities, while an ages-old problem for computer administrators, are gaining importance as the
Internet grows in popularity, the number of networked computers increases, and companies come to depend on
those computers. Most recently, many Windows systems were susceptible to the Code Red worm, which
spread so far that it tried to infect every single Internet address more than 20 times on average.

There are some caveats that reduce the severity of the SSH problem, though, chief among them the fact that
version 3.0.0 is relatively new.

A hurdle for would-be attackers is that administrative utilities such as the one that controls printers typically
can't open a shell for issuing commands to the computer, said Dave Wreski, chief technology officer of Guardian
Digital. Those programs interact directly, without need of a user interface.

But attackers still could take control of the system, said Stephanie Thomas, an SSH technical support specialist.
"The belief is that even without a shell, this could be exploited," she said.

Chairman Tatu Ylonen founded SSH in 1995 when he launched a software project to replace Unix's "telnet"
command to log in to remote computers. SSH's encrypted communications channel shields commands sent in the
open, as with telnet.

Early versions of the software were freely available and became the basis of other projects such as OpenSSH,
which ships with several versions of Linux.

SSH heard about the problem late Wednesday and began notifying customers Thursday. However, the company
said, many people have downloaded the software because it may be used free for academic or other
noncommercial uses. In addition, the SSH license permits free use on freely available operating systems such as
Linux and FreeBSD.

In addition to the security problem with version 3.0.0, HP-UX computers running SSH version 2.3 or 2.4 are
vulnerable if an administrator has created an account with a two-character password--something the operating
system wouldn't do on its own.

Versions of Linux that are vulnerable include those from Red Hat, Caldera International, SuSE and Debian, the
company and experts said.

ZDNet

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs