-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================================================================
>>                                                      CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl.  Links  <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>>                                                                           <<
>> CERT-NL also has stopped the CERT-CC-Mirror service.  Due to this the     <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the  <<
>> complete CERT-CC advisory texts:                     http://www.cert.org  <<
===============================================================================
===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Nico de Koo                                 Index  :    S-98-06
Distribution  : World                                       Page   :          1
Classification: External                                    Version:          1
Subject       : Vulnerability in ssh-agent for Unix         Date   :  02-Feb-98
===============================================================================

By courtesy of Secure Networks Inc. and CERT Coordination Center we received
information on a vulnerability in the ssh-agent for Unix systems.

We provide you the original advisory of Secure Networks Inc. This bulletin
is also provided by the CERT Coordination Center as
CERT Advisory CA-98.03.ssh-agent

CERT-NL recommends application of the provided patches.
==============================================================================

                        ######    ##   ##    ######
                        ##        ###  ##      ##
                        ######    ## # ##      ##
                            ##    ##  ###      ##
                        ###### .  ##   ## .  ######.

                            Secure Networks Inc.

                             Security Advisory
                              January 20, 1998

                          Vulnerability in ssh-agent


This advisory details a vulnerabily in the SSH cryptographic login
program.  The vulnerability enables users to use RSA credentials
belonging to other users who use the ssh-agent program.  This
vulnerability may allow an attacker on the same local host to login
to a remote server as the user utilizing SSH.


Problem Description:
~~~~~~~~~~~~~~~~~~~~

In order to avoid forcing users of RSA based authentication to go
through the trouble of retyping their pass phrase every time they wish
to use ssh, slogin, or scp, the SSH package includes a program called
ssh-agent, which manages RSA keys for the SSH program.  The ssh-agent
program creates a mode 700 directory in /tmp, and then creates an
AF_UNIX socket in that directory.  Later, the user runs the ssh-add
program, which adds his private key to the set of keys managed by the
ssh-agent program.  When the user wishes to access a service which
permits him to log in using only his RSA key, the SSH client connects
to the AF_UNIX socket, and asks the ssh-agent program for the key.

Unfortunately, when connecting to the AF_UNIX socket, the SSH client is
running as super-user, and performs insufficient permissions checking.
This makes it possible for users to trick their SSH clients into using
credentials belonging to other users.  The end result is that any user
who utilizes RSA authentication AND uses ssh-agent, is vulnerable.
Attackers can utilize this vulnerability to access remote accounts
belonging to the ssh-agent user.


Technical Details
~~~~~~~~~~~~~~~~~

When communicating with the ssh-agent program, the SSH program issues a
connect() system call as super-user to access the AF_UNIX socket.  By
utilizing symbolic links, an attacker can cause the SSH program to
connect to an alternate user's AF_UNIX socket, and read their RSA
credentials.  After the credentials have been read, SSH will use these
credentials to logon to the remote system as the victim.


Vulnerable Systems:
~~~~~~~~~~~~~~~~~~~

This vulnerability effects the Unix versions of SSH ONLY.

SSH for unix versions 1.2.17 through 1.2.21 are vulnerable if installed
with default permissions.  Versions of SSH prior to 1.2.17 are subject to
a similar (but different) attack.

F-Secure SSH for Unix systems prior to release 1.3.3 ARE vulnerable.

You can determine the version of SSH you are running by issuing the case
sensitive command:

% ssh -V

Version 1.1 of the windows-based SSH client sold by Data Fellows Inc.
under the F-Secure brand name is NOT vulnerable to this attack.

Versions 1.0 and 1.0a of Mac SSH are NOT vulnerable to this attack.


Fix Resolution:
~~~~~~~~~~~~~~~

Non-commercial users:

If using the free non-commercial SSH distribution for Unix, administrators
are urged to upgrade to SSH 1.2.22 or later.  Updated versions of the free
unix SSH can be found at ftp://ftp.cs.hut.fi/pub/ssh


Commercial users:

F-Secure SSH version 1.3.3 fixes this security problem.  If you are using
the commercial Data Fellows SSH package and you have a support contract,
you can obtain SSH version 1.3.3 from your local retailer.

Users without a support contract can obtain a diff file which fixes
this problem.  This file can be obtained from:

http://www.DataFellows.com/f-secure/support/ssh/bug/su132patch.html


Workaround:

As a temporary workaround, administrators may remove the setuid bit from
the SSH binary.  This will prevent the attack from working, but will
disable a form of authentication documented as rhosts-RSA.  For example,
if your SSH binary is in the /usr/local/bin directory, the following
command will remove the setuid bit from the SSH binary:

# chmod u-s /usr/local/bin/ssh


Additional Information
~~~~~~~~~~~~~~~~~~~~~~

SSH is a cryptographic rsh, rlogin, and rcp replacement.  SSH was
written by Tatu Ylonen <ylo@cs.hut.fi>.  For more information about the
noncommercial unix version of SSH, please see http://www.cs.hut.fi/ssh

Commercial versions of ssh are marketed by Data Fellows Inc.  For
information about the F-secure ssh derivatives sold by Data Fellows Inc,
please see http://www.DataFellows.com/f-secure

This vulnerability was discovered by David Sacerdote <davids@secnet.com>.

For more information regarding this advisory, contact Secure Networks
Inc. as <sni@secnet.com>.  A PGP public key is provided below if
privacy is required.

Type Bits/KeyID    Date       User ID
pub  1024/9E55000D 1997/01/13 Secure Networks Inc. <sni@secnet.com>
                              Secure Networks <security@secnet.com>


Copyright Notice
~~~~~~~~~~~~~~~~
The contents of this advisory are Copyright (C) 1997 Secure Networks
Inc, and may be distributed freely provided that no fee is charged for
distribution, and that proper credit is given.

 You can find Secure Networks papers at ftp://ftp.secnet.com/pub/papers
 and advisories at ftp://ftp.secnet.com/advisories

 You can browse our web site at http://www.secnet.com

 You can subscribe to our security advisory mailing list by sending mail
 to majordomo@secnet.com with the line "subscribe sni-advisories"

==============================================================================
CERT-NL wishes to thank Secure Networks Inc. and CERT Coordination Center for
bringing this information to our attention
==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
  http://cert.surfnet.nl/

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

   Email:     cert-nl@surfnet.nl     ATTENDED REGULARLY ALL DAYS
   Phone:     +31 302 305 305        BUSINESS HOURS ONLY
   Fax:       +31 302 305 329        BUSINESS HOURS ONLY
   Snailmail: SURFnet bv
              Attn. CERT-NL
              P.O. Box 19035
              NL - 3501 DA  UTRECHT
              The Netherlands

NOODGEVALLEN:    06 22 92 35 64      ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64      ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOL6IejSYjBqwfc9jEQJHNwCg/aFM4DFvRqJmurc/25sLicyXc8oAoLnY
WKScCptk1Ce+iSU+B4xYVo+u
=3fGE
-----END PGP SIGNATURE-----