Ingrian Networks, Inc. Information for VU#333628

OpenSSH contains buffer management errors

Status

Affected

Vendor Statement

Ingrian Networks Security Advisory ING-2003-05

Revision 1.0

Dated: 9/22/2003

Posted: https://www.ingrian.com/support/iwsc/security.php


Summary
=======


The Ingrian DataSecure platform secures business applications and data.

This advisory describes a vulnerabilty in all Ingrian platforms.
This vulnerability is in the SSH server, which is used for secure
access to the command line interface (CLI). There are buffer overflow
bugs in the SSH server that could allow an attacker who can connect to the
ssh port to crash the SSH server. At this time there are no
known exploits, nor are there any known attacks that exploit the
buffer overflow to obtain access to an Ingrian device.


There is a workaround: block access to port 22 (ssh) at the firewall.


Applying the appropriate patch from those listed below will
fix the vulnerability. The patches are available at
https://www.ingrian.com/support/iwsc/security.php



Affected Products
=================

All releases of the IngrianOS.

Details
=======


Sshd, prior to version 3.71, contains buffer overflow bugs that
can allow an attacker to crash the program.

This vulnerability was announced in CERT advisory CA-2003-24
(http://www.cert.org/advisories/CA-2003-24.html)


Impact
======

An attacker could use this vulnerability to perform a denial-of-service
attack on an Ingrian device. Since the Ingrian watches and restarts
critical services, even if the vulnerability were exploited on an
Ingrian device, the period that service would be denied is short.
If attackers develop exploits that put the attacker's code on the
stack, it would be possible for them to obtain access to the
affected machines.

Ingrian is not aware of any exploits currently in the field.


Software Versions and Fixes
===========================


This vulnerability is fixed in these patches:

2.6.3p02
2.8.2p02
2.9.0p07

These patches are released as "untested" patches, meaning that they
have gone through an acceptance test but have not yet passed the
full QA cycle. Fully tested patches will be released shortly.
Please contact your Ingrian representative.


Obtaining A Fix
===============

Customers with service contracts should go through the regular
update channels to obtain the software upgrades identified in this
advisory. For most customers with service contracts, this means
that upgrades should be obtained through the Ingrian Support Center
at https://www.ingrian.com/suppport


Workarounds
===========

This vulnerability exists only when attackers can access the
ssh port, port 22. Disabling access to port 22 at the outer
firewall prevents the attack. See your firewall vendors'
documentation for details.

Another workaround is to disable SSH Administration.
To do this, select Maintenance, then Services. Click on
'SSH Administration' and then click the 'disable startup' button.
Then click 'Stop'.


Source
======

This vulnerability was reported in CERT announcement CA-2003-24.


Revision History
================

Version 1.0, dated 9/19/2003


Copyright
=========

This advisory is copyright 2003 by Ingrian Networks, Inc. This advisory
may be redistributed freely, provided that redistributed copies are
complete and unmodified, including all date and version information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.