COMMAND

    ssh

SYSTEMS AFFECTED

    Unix systems running SSH versions 1.2.17 through 1.2.21

PROBLEM

    The following information is based on the SNI Security  Advisory,
    which details a vulnerability in the SSH cryptographic login
    program.  The vulnerability enables users to use RSA credentials
    belonging to other users who use the ssh-agent program.  This may
    allow an attacker on the same local host to log in to a remote
    server as the user utilizing SSH.

    In order to avoid forcing users of RSA based authentication to go
    through the trouble of retyping their pass phrase every time they
    wish to use ssh, slogin, or scp, the SSH package includes a program
    called ssh-agent, which manages RSA keys for the SSH program.  The
    ssh-agent program creates a mode 700 directory in /tmp, and then
    creates an AF_UNIX socket in that directory.  Later, the user runs
    the ssh-add program, which adds his private key to the set of keys
    managed by the ssh-agent program.  When the user wishes to access a
    service which permits him to log in using only his RSA key, the SSH
    client connects to the AF_UNIX socket, and asks the ssh-agent
    program for the key.

    Unfortunately, when connecting to the AF_UNIX socket, the SSH client
    is running as super-user (the ssh binary is installed setuid root)
    and performs insufficient permission checking.  This makes it
    possible for users to trick their SSH clients into using credentials
    belonging to other users.  The end result is that any user who
    utilizes RSA authentication AND uses ssh-agent is vulnerable.
    Attackers can utilize this vulnerability to access remote accounts
    belonging to the ssh-agent user.

    Specifically, when communicating with the ssh-agent program, the SSH
    program issues a connect() system call as super-user to access the
    AF_UNIX socket.  By utilizing symbolic links, an attacker can cause
    the SSH program to connect to another user's AF_UNIX socket and read
    their RSA credentials.  After the credentials have been read, SSH
    will use them to log on to the remote system as the victim.
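    The check that a setuid client should make before connect()ing to
    the agent socket, as an added example that is not the SSH source:
    the socket and its directory are examined with lstat() and must be
    owned by the invoking user, the directory must carry no group/other
    bits, and a symbolic link is rejected rather than followed.  The
    fixture (a temporary directory holding a bound socket plus a link
    to it) is constructed here for demonstration.

```c
#define _DEFAULT_SOURCE          /* lstat, symlink, mkdtemp under -std=c99 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>

#define SUN_PATH_MAX sizeof(((struct sockaddr_un *)0)->sun_path)

/* Hypothetical check: return 1 if `sock` may be used as the agent socket of
 * user `uid`.  lstat() (not stat()) is used on purpose: a symbolic link
 * planted in place of the socket shows up as S_IFLNK and is refused. */
int agent_socket_is_safe(const char *sock, uid_t uid) {
    struct stat st;
    char dir[SUN_PATH_MAX];
    const char *slash = strrchr(sock, '/');
    if (!slash || (size_t)(slash - sock) >= sizeof dir) return 0;
    memcpy(dir, sock, (size_t)(slash - sock));
    dir[slash - sock] = '\0';
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;  /* no linked dir */
    if (st.st_uid != uid || (st.st_mode & 077) != 0) return 0;    /* owner, 0700 */
    if (lstat(sock, &st) != 0 || !S_ISSOCK(st.st_mode)) return 0; /* link => reject */
    return st.st_uid == uid;
}

/* Constructed fixture (not a real agent): fresh 0700 directory in /tmp with a
 * bound AF_UNIX socket and a symbolic link pointing at that socket. */
static char fixture_sock[SUN_PATH_MAX], fixture_link[SUN_PATH_MAX];

int build_fixture(void) {
    char dir[] = "/tmp/agent-example-XXXXXX";
    struct sockaddr_un sa;
    int fd;
    if (mkdtemp(dir) == NULL) return -1;                  /* created mode 0700 */
    snprintf(fixture_sock, sizeof fixture_sock, "%s/agent.sock", dir);
    snprintf(fixture_link, sizeof fixture_link, "%s/agent.link", dir);
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, fixture_sock, sizeof sa.sun_path - 1);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) return -1;
    return symlink(fixture_sock, fixture_link);           /* the planted link */
}

int main(void) {
    if (build_fixture() != 0) return 1;
    printf("real socket accepted: %d\n", agent_socket_is_safe(fixture_sock, getuid()));
    printf("symlink accepted:     %d\n", agent_socket_is_safe(fixture_link, getuid()));
    printf("other uid accepted:   %d\n", agent_socket_is_safe(fixture_sock, getuid() + 1));
    return 0;
}
```

    The fixture directory is left behind in /tmp so that its permissions
    can be inspected afterwards.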

SOLUTION

    SSH for Unix versions 1.2.17 through 1.2.21 are vulnerable if
    installed with default permissions (setuid root).  Versions of SSH
    prior to 1.2.17 are subject to a similar (but different) attack.
    F-Secure SSH for Unix systems prior to release 1.3.3 ARE vulnerable.
    If using the free non-commercial SSH distribution for Unix,
    administrators are urged to upgrade to SSH 1.2.22 or later.  Updated
    versions of the free Unix SSH can be found at:

        ftp://ftp.cs.hut.fi/pub/ssh

    F-Secure SSH version 1.3.3 fixes this security problem.  If you are
    using the commercial Data Fellows SSH package and you have a support
    contract, you can obtain SSH version 1.3.3 from your local retailer.
    Users without a support contract can obtain a diff file which fixes
    this problem.  This file can be obtained from:

        http://www.DataFellows.com/f-secure/support/ssh/bug/su132patch.html

    As a temporary workaround, administrators may remove the setuid bit
    from the SSH binary.  This will prevent the attack from working, but
    will disable the form of authentication documented as rhosts-RSA.
    For example, if your SSH binary is in the /usr/local/bin directory,
    the following command will remove the setuid bit from it:

        # chmod u-s /usr/local/bin/ssh