Date: Sat, 4 Dec 1999 17:45:20 -0500 From: Niels Provos <provos@CITI.UMICH.EDU> Subject: Re: Security Advisory: Buffer overflow in RSAREF2 To: BUGTRAQ@SECURITYFOCUS.COM In message <3846CC26.513CE96F@core-sdi.com>, Gerardo Richarte writes: > To make this clear: in combination with the buffer overflow in rsaglue. >c this makes possible to get >a remote shell on a machine running sshd AND it also makes possible to use a r >everse exploit to gain access on >clients' machines, using malicious sshd. I fear that this posting should have been even clearer. To sum the problem up more clearly: ssh-1.2.27 (if compiled with RSAREF2) is vulnerable. Attackers can obtain a shell on the machine running sshd. The exploit uses buffer overflows in the RSAREF2 implementation AND in the rsaglue.c file in ssh-1.2.27. I am surprised that there wasnt a bigger outrage on the mailing list about this, it is quite serious!!! On the other hand, OpenSSH is not vulnerable to this remote exploit. Since rsaglue.c was rewritten, OpenSSH does stricter parameter checking than ssh-1.2.27 and these recent problems in ssh-1.2.27 did NOT affect OpenSSH. Nonetheless, OpenSSH users in the USA that use OpenSSL compiled with RSAREF2 should update their ssl library (since isakmpd or httpd may be affected), see previous postings on Bugtraq, and http://www.openbsd.org/errata.html#sslUSA Another thing is worth mentioning, RSA could use the buffer overflow in RSAREF2 to scan machines in the USA for RSA license violation. For example, sshds that do not use RSAREF2 do will behave differently than those that do. Information on OpenSSH can be found at http://www.openssh.com/ Infomration on OpenSSL can be found at http://www.openssl.org/