A vulnerability exists in SSH Secure Shell that allows an intruder to log to an account which contains a stored encrypted password of two or fewer characters in length. An intruder may leverage the privileges of such an account to gain full control of the system.
Certain Unix and Linux systems ship with accounts containing two or fewer characters in the encrypted password field. For example, /etc/passwd or /etc/shadow might contain an entry similar to this:
Operating systems that do not use the crypt() hash function for password encryption are not vulnerable.
Intruders can gain elevated privileges which they may leverage into root access. According to SSH Communications Security's advisory:
SSH Communications Security recommends that customers upgrade to SSH Secure Shell 3.0.1 or later.
Alternative solutions provided in SSH Communications Security 's advisory include the following:
The CERT Coordination thanks SSH Communications Security for information used in this document..
This document was written by Art Manion.
|Date First Published:||2001-07-24|
|Date Last Updated:||2001-10-25 23:26 UTC|