—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Liebe Kolleginnen und Kollegen,
soeben erreichte uns nachfolgendes Sun Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.
Bitte beachten Sie, dass dies ein Update des Advisories ist, das die
folgenden Aenderungen betrifft:
Mit diesem Update stellt Sun neue Patches fuer Solaris 9 zur
Verfuegung
Sun Bug Id 6761890 – Schwachstelle in Sun Solaris SSH
Wird die Sun Solaris SSH mit einer Verschluesselung betrieben, die
Cipher Block Chaining (CBC) verwendet, besteht eine Moeglichkeit fuer
entfernte Angreifer einen Teil des Klartextes zu erlangen. Die
Erfolgschancen sind allerdings wahrscheinlich sehr gering und durch
den Angriff wird die Verbindung abgebrochen.
Betroffen sind die folgenden Software Pakete und Plattformen:
Solaris 9
Solaris 10
OpenSolaris
SPARC Plattform:
* Solaris 9 ohne Interims-Patch IDR140442-02
* Solaris 10 ohne Patch 140774-02
* OpenSolaris vor Build snv_105
x86 Plattform:
* Solaris 9 ohne Interims-Patch IDR140443-02
* Solaris 10 ohne Patch 140775-02
* OpenSolaris vor Build snv_105
Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.
Weiterhin existieren Workarounds:
Der Hersteller empfiehlt die Verschluesselungs-Algorithmen zu
deaktivieren, die den CBC-Mode verwenden.
Hersteller Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.
Mit freundlichen Gruessen,
Detlev O. Matthies
– —
Detlev O. Matthies, M.Sc. (Incident Response Team)
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatische Warnmeldungen https://www.cert.dfn.de/autowarn
Solution Type Sun Alert
Solution 247186 : A Security Vulnerability in Solaris Secure Shell
(SSH) May Expose Some Plain Text From Encrypted Traffic
Related Categories
* Home>Content>Sun Alert Criteria Categories>Security
* Home>Content>Sun Alert Release Phase>Resolved
Bug ID
6761890
Product
Solaris 9 Operating System
Solaris 10 Operating System
OpenSolaris
Date of Workaround Release
05-Dec-2008
Date of Resolved Release
02-Apr-2009
SA Document Body
A Security Vulnerability in Solaris Secure Shell (SSH) May Expose Some Plain Te
xt From Encrypted Traffic
1. Impact
A security vulnerability in the Solaris Secure Shell (SSH) software
(see ssh(1)), when used with CBC-mode ciphers and (SSH protocol version
2), may allow a remote unprivileged user who is able to intercept SSH
network traffic to gain access to a portion of plain text information
from intercepted traffic which would otherwise be encrypted.
This issue is also referenced in the following documents:
CERT Vulnerability VU#958563 at http://www.kb.cert.org/vuls/id/958563
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform:
* Solaris 9 without patch 122300-38
* Solaris 10 without patch 140774-02
* OpenSolaris based upon builds snv_01 through snv_104
x86 Platform:
* Solaris 9 without patch 122301-38
* Solaris 10 without patch 140775-02
* OpenSolaris based upon builds snv_01 through snv_104
Notes:
1. Solaris 8 does not include the SSH software and is not impacted by
this issue.
2. This issue only impacts SSH connections which are using a CBC mode
cipher to encrypt the traffic. Both the client and the server in an SSH
connection can maintain separate lists of supported ciphers and a
cipher will be chosen from the overlap within those two lists.
To determine the ciphers that a Sun SSH server is configured to use,
search for the ‘Ciphers’ setting in the sshd_config(4) file, as in the
following example:
$ grep Ciphers /etc/ssh/sshd_config
Ciphers arcfour,3des-cbc
If there is no output, or the only lines which appear are commented
(begin with a ‘#’) then the default cipher list will be used, which is
documented in the sshd_config(4) man page.
3. Symptoms
There are no symptoms which would indicate this issue has been
exploited to gain unauthorized access to plain text information from
encrypted SSH traffic.
4. Workaround
This issue only occurs when CBC mode ciphers are in use. Therefore, it
is possible to work around this issue by disabling the use of those
ciphers.
For example, editing the sshd_config(4) file for a Sun SSH server to
remove all references to CBC ciphers within the ‘Ciphers’ setting of
that file will prevent connections to that server from using the CBC
ciphers. The SSH server should be restarted after making this change,
as in the following example for Solaris 10:
# svcadm restart ssh
or for Solaris 9:
# /etc/init.d/sshd stop ; /etc/init.d/sshd start
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Solaris 9 with patch 122300-38 or later
* Solaris 10 with patch 140774-02 or later
* OpenSolaris based upon builds snv_105 or later
x86 Platform
* Solaris 9 with patch 122301-38 or later
* Solaris 10 with patch 140775-02 or later
* OpenSolaris based upon builds snv_105 or later
For more information on Security Sun Alerts, see Technical Instruction
ID 213557.
This Sun Alert notification is being provided to you on an “AS IS”
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
Modification History
09-Feb-2009: Updated Workaround section for IDRs
25-Feb-2009: Updated Contributing Factors and Resolution sections
02-Apr-2009: Updated Contributing Factors and Resolution sections, issue Resolv
ed
Attachments
This solution has no attachment
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFJ2xnUk0kIxZMiiQ8RAqxfAKCSQB2zVIQJytt1ra514REzwJuZWQCdGJ48
e0adLBKvHnkui5Be7Gx975U=
=bc8R
—–END PGP SIGNATURE—–
