Correction at 5:50 a.m. PDT May 20: The spelling of Kenny Paterson's last name has been corrected.
An underlying flaw in the widely used encryption protocol Open Secure Shell (OpenSSH) has been made public by researchers from the Royal Holloway, University of London.
The flaw, which lies in version 4.7 of OpenSSH on Debian/GNU Linux, allows 32 bits of encrypted text to be rendered in plaintext, according to a research team from the Royal Holloway Information Security Group (ISG).
An attacker has a one in 262,144 chance of success. ISG lead professor Kenny Paterson told CNET News sister site ZDNet UK last Monday that the flaw is more significant than
"This is a design flaw in OpenSSH," said Paterson. "The other vulnerabilities have been more about coding errors."
According to Paterson, a man-in-the-middle attacker could sit on a network and grab blocks of encrypted text as they are sent from client to server. By retransmitting the blocks to the server, an attacker can work out the first four bytes of corresponding plaintext. The attacker can do this by counting how many bytes the attacker sends until the server generates an error message and tears down the connection, then working backward to deduce what was in the OpenSSH encryption field before encryption.
The attack relies on flaws in the RFC (Request for Comments) Internet standards that define SSH, said Paterson.
Paterson gave a talk on Monday at the IEEE Symposium on Security and Privacy in Oakland, Calif., to explain his group's research findings. The three ISG academics involved in the research were Paterson, Martin Albrecht, and Gaven Watson.
This vulnerability was first made public in November 2008 by the UK Centre for the Protection of National Infrastructure (CPNI), though full details of the flaw were not then given. According to the CPNI advisory, the OpenSSH flaw could be mitigated by IT professionals using AES (advanced encryption standard) in counter mode (CTR) to encrypt, instead of cipher-block chaining mode (CBC).
Paterson said his group had worked with OpenSSH developers to mitigate the flaw, and that OpenSSH version 5.2 contained countermeasures.
"They've fixed (OpenSSH); they've put countermeasures in place to stop our attack," said Paterson. "But the standard has not changed."
Paterson said that he did not believe this flaw had been exploited in the wild, and that to deduce a message of appreciable length could take days. In addition, proprietary SSH vendors had been informed of the issue in advance, and had put countermeasures in their code. However, Paterson added that it always takes time for system administrators to apply patches to servers and clients, no matter whether the software is open source or proprietary.
Tom Espiner of ZDNet UK reported from London.
With the release of Mac OS X 10.5.5 on Monday, the Cupertino, Calif., computer company provided patches for almost three dozen software flaws. Some of the fixes are specific to Apple features, such as image processing and Finder. Other fixes are updates to various open-source projects including Bind, ClamAV, OpenSSH, and Ruby.
Version 10.5.5 can be obtained from the Apple Software Downloads page.
ATS
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.4, and Mac OS X Server v10.5 through v10.5.4. The update addresses the issue in CVE-2008-2305 in which viewing a document containing a maliciously crafted font may lead to arbitrary code execution. Apple credits Chris Ries of Carnegie Mellon University Computing Services for reporting this vulnerability.
BIND
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.4, and Mac OS X Server v10.5 through v10.5.4. The update upgrades users to BIND version 9.4.2-P2, which addresses performance issues associated with BIND version 9.4.2-P1.
ClamAV
This patch affects users of Mac OS X Server v10.4.11 and Mac OS X Server v10.5 through v10.5.4. The update addresses the vulnerabilities detailed within CVE-2008-1100, CVE-2008-1387, CVE-2008-0314, CVE-2008-1833, CVE-2008-1835, CVE-2008-1836, CVE-2008-1837, CVE-2008-2713, and CVE-2008-3215 by updating Mac OS users to ClamAV version 0.93.3.
Directory Services
This patch affects users of Mac OS X v10.5 through v10.5.4 and Mac OS X Server v10.5 through v10.5.4. The update addresses the vulnerability detailed in CVE-2008-2329, in which a person with access to the log-in screen may be able to list user names. Apple says an information disclosure issue exists in Log-in Window when it is configured to authenticate users with Active Directory. "By supplying wildcard characters in the user name field, a list of user names from Active Directory may be displayed."
Directory Services II
This patch affects users of Mac OS X Server v10.4.11, Mac OS X Server v10.5 through v10.5.4. The update addresses the insecure file operation vulnerability within CVE-2008-2330, in which a local user may obtain the server password if an OpenLDAP system administrator runs slapconfig.
- prev
- 1
- next
