Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » BitVise WinSSH Denial of Service

BitVise WinSSH Denial of Service

by Nikola Strahija on March 18th, 2002 Using "ill-intended connection attempts", a malicious user could bring the server to a state where it would no longer accept incoming SSH connections.


BitVise WinSSH prior to build 2002-03-16 on Windows 2000 Server.


Due to differences in the SSHd and the underlying socket layer, it
was possible to abruptly end sessions and not have those freed
properly by the sshd. Each incomplete connection would use up a few
memory handles and allocate nonpaged kernel memory.

Windows can only handle a certain amount of kernel memory being
allocated, after that point most applications begin acting peculiar.

During testing we repeatedly caused the server to no longer accept
connections to port 22 (connection refused). This took about
1840x254 connections, but since it's not time or bandwidth related,
this attack could be carried out from a normal modem dialup,
and still be succesful.

The vendor has limited the amount of simultaneous unathenticated
sessions and put a timeout of 60 seconds on each connection.


Vendor URL:
===========
You can visit the vendors webpage here: http://www.bitvise.com

Vendor response:
================
The vendor was contacted on the 25th of February, 2002. On the
16th of March the vendor released the new build, that corrected
the issue. On the 18th of January, 2002, it was confirmed that the
patch corrected the issue mentioned in this advisory.

Corrective action:
==================
Upgrade to the latest build, which can be downloaded here:
http://www.bitvise.com/existing-users.html



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »