Vulnerability Note VU#737548
Sun Solaris SSH Daemon fails to properly log client IP addresses
The Sun Solaris Secure Shell Daemon (sshd) may incorrectly log client IP addresses.
SSH is a program used to provide secure connection and communications between client and servers. Upon connecting to the service, the client's IP address is logged. There is a vulnerability in the Sun Solaris SSH Daemon that may cause it to inaccurately log the IP addresses of clients. When the SSH Daemon initializes, it reads configuration information from the sshd_config file. If this file contains the "ListenAddress" keyword configured in a specific way, SSH will fail to properly log client IP addresses.
According to the Sun Security Advisory:
To determine which interfaces on a system are configured to use IPv4 the following command can be run:
$ ifconfig -a4
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1400 index 2
inet 192.168.254.202 netmask ffffff00 broadcast 192.168.254.255
The IP address logged by the SSH Daemon will contain all zeroes rather than the correct IP address of the client. Therefore, when reviewing the log files, system administrators may not be able to accurately identify clients who have connected to the service.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Sun Microsystems Inc.||Affected||-||14 Apr 2004|
CVSS Metrics (Learn More)
This vulnerability was reported by Sun Microsystems Inc.
This document was written by Damon Morda.
- CVE IDs: Unknown
- Date Public: 07 Apr 2004
- Date First Published: 14 Apr 2004
- Date Last Updated: 14 Apr 2004
- Severity Metric: 5.06
- Document Revision: 26
If you have feedback, comments, or additional information about this vulnerability, please send us email.