Multiple SSH Clients: Insecure Default Warning on Protocol Change Vulnerability

Published: 2002-07-22
Updated: 2002-07-30

Affected systems:
OpenSSH OpenSSH 3.4 p1
OpenSSH OpenSSH 3.3 p1
OpenSSH OpenSSH 3.3
OpenSSH OpenSSH 3.2.3 p1
OpenSSH OpenSSH 3.2.2 p1
OpenSSH OpenSSH 3.2
OpenSSH OpenSSH 3.1 p1
OpenSSH OpenSSH 3.1
OpenSSH OpenSSH 3.0.2
OpenSSH OpenSSH 3.0.1
OpenSSH OpenSSH 2.9p2
OpenSSH OpenSSH 2.9p1
OpenSSH OpenSSH 2.9.9
OpenSSH OpenSSH 2.9
OpenSSH OpenSSH 2.5.2
OpenSSH OpenSSH 2.5.1
OpenSSH OpenSSH 2.5
OpenSSH OpenSSH 2.3
OpenSSH OpenSSH 2.2
OpenSSH OpenSSH 2.1.1
OpenSSH OpenSSH 2.1
SSH Communications Security SSH2 for Win32 3.1.2
SSH Communications Security SSH2 for Win32 3.1.1
SSH Communications Security SSH2 for Win32 3.1
SSH Communications Security SSH2 for Unix 3.1.2
SSH Communications Security SSH2 for Unix 3.1.1
SSH Communications Security SSH2 for Unix 3.1
SSH Communications Security SSH2 3.0
SSH Communications Security SSH2 2.5
SSH Communications Security SSH2 2.4
SSH Communications Security SSH2 2.3
SSH Communications Security SSH2 2.2
SSH Communications Security SSH2 2.1
SSH Communications Security SSH2 2.0.9
SSH Communications Security SSH2 2.0.8
SSH Communications Security SSH2 2.0.7
SSH Communications Security SSH2 2.0.6
SSH Communications Security SSH2 2.0.5
SSH Communications Security SSH2 2.0.4
SSH Communications Security SSH2 2.0.3
SSH Communications Security SSH2 2.0.2
SSH Communications Security SSH2 2.0.12
SSH Communications Security SSH2 2.0.11
SSH Communications Security SSH2 2.0.10
SSH Communications Security SSH2 2.0.1
SSH Communications Security SSH2 2.0
OpenSSH OpenSSH 3.4
    - Apple MacOS 10.0
    - Linux systems
    - Microsoft Windows 2000
    - Unix systems
SSH Communications Security SSH2 3.0.1
    - Microsoft Windows NT 4.0
    - Microsoft Windows 98
    - Microsoft Windows 95
    - Microsoft Windows 2000

Description:
BUGTRAQ  ID: 5284

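SSH is a program that encrypts data in transit.

SSH clients do not correctly handle the warning shown when the protocol changes. A remote attacker can exploit this flaw to carry out a man-in-the-middle attack.

Before negotiating the keys used for encrypted communication, SSH exchanges banner messages. A typical banner looks like this: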

SSH-1.99-OpenSSH_2.2.0p1

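From this banner the SSH client knows to use protocol version 1 and retrieves the corresponding host key from its database. However, if an attacker presents the SSH client with a protocol version 2 banner that it has never used with this host before, such as: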

SSH-2.00-TESO-SSH

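the client looks in its database and, finding only the server's SSH1 key, concludes that the host key is missing. Through the man-in-the-middle attack, the attacker presents the following message to the SSH client: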

Enabling compatibility mode for protocol 2.0
The authenticity of host 'lucifer (192.168.0.2)' can't be established.
DSA key fingerprint is ab:8a:18:15:67:04:18:34:ec:c9:ee:9b:89:b0:da:e6.
Are you sure you want to continue connecting (yes/no)?

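This leads the SSH client user to simply answer yes, instead of having to edit the known_hosts file and restart the SSH client. Once this host key is accepted, the SSH client connects to the attacker's SSH server. The attacker can record the login username and password on their own SSH server and forward the SSH connection to the real SSH server, so the user's account is compromised without the user being alerted.

A similar man-in-the-middle attack also exists when SSH2 negotiates the MAC algorithm.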
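
As an added example (not part of the original advisory, and not code from OpenSSH or SSH Communications Security), the following Python code shows the lookup distinction the description turns on: a host already stored in known_hosts under a different key type is reported as a change, not as a first contact. The function names, verdict strings and sample known_hosts entries are constructed for illustration, and hashed hostnames are skipped.

```python
# Added example: constructed data, hypothetical names; not OpenSSH code.
# Hashed hostnames ("|1|...") and "@" marker lines are skipped, not handled.

SAMPLE_KNOWN_HOSTS = """\
# constructed entries
lucifer,192.168.0.2 1024 35 1234567890123456789 user@constructed
gateway ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed
"""

def parse_known_hosts(text):
    """Return {hostname: {keytype: keydata}} for SSH1 and SSH2 entries."""
    db = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(("#", "@", "|")):
            continue
        if len(fields) >= 4 and fields[1].isdigit():
            # SSH1 entry: hosts bits exponent modulus [comment]
            keytype, keydata = "rsa1", " ".join(fields[1:4])
        elif len(fields) >= 3:
            # SSH2 entry: hosts keytype base64-blob [comment]
            keytype, keydata = fields[1], fields[2]
        else:
            continue
        for host in fields[0].split(","):
            db.setdefault(host, {})[keytype] = keydata
    return db

def classify(db, host, keytype, keydata):
    """Verdict for a key offered by `host`; only 'match' is safe to accept silently."""
    known = db.get(host)
    if known is None:
        return "first-contact"
    if keytype in known:
        return "match" if known[keytype] == keydata else "key-changed"
    # Host is known, but only under another key type (e.g. an SSH1 key on file
    # and a protocol 2 DSA key offered): the situation the advisory describes.
    return "known-host-new-key-type"

if __name__ == "__main__":
    db = parse_known_hosts(SAMPLE_KNOWN_HOSTS)
    print(classify(db, "lucifer", "ssh-dss", "AAAAconstructed-unseen-key"))
```

A client or audit script that treats `known-host-new-key-type` with the same severity as `key-changed` does not fall back to the milder first-contact prompt for a host it already knows.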

<*Source: stealth (stealth@segfault.net)

  Link: http://archives.neohapsis.com/archives/bugtraq/2002-07/0249.html
*>

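Recommendations:
Workaround:

If you cannot install a patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat:

* No suitable workaround is available at this time.

Vendor patches: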

OpenSSH
-------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

http://www.openssh.com/

SSH Communications Security
---------------------------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

http://www.ssh.net/

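This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.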