Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » NetBSD Security Advisory 2001-003

NetBSD Security Advisory 2001-003

by Phiber on February 16th, 2001 NetBSD systems may have a number of different implementations and versions of Secure Shell installed, either integrated with the system or third-party packages from pkgsrc.

A recent RAZOR Bindview Advisory (CAN-2001-0144) describes a buffer overrun vulnerability in Secure Shell daemons which may be present on some NetBSD systems....


In addition, a system configuration flaw could result in weak key
generation on some systems.



This advisory contains information and instructions to help NetBSD
users ensure that they are running an appropriate Secure Shell and
system configuration.



There are two distinct vulnerabilities:


1. A buffer overrun attack is present in the CRC32 Compensation
Attack Detector code added to work around a weakness in the SSHv1
protocol. This is described in the RAZOR Bindview advisory referenced below, technical details are not repeated here. This vulnerability could lead to remote root compromise, through execution of arbitrary code in an overflowed buffer.



2. Some NetBSD systems may not have the rnd(4) kernel randomness
generator psuedo-device configured. The OpenSSL library uses a
weak initialiser to seed its random number generator if this
device is not available.


This vulnerability could lead to compromise of cryptographic
sessions protected by keys generated through OpenSSL.

Programs that use the OpenSSL library as a source of randomness
(including key generation) will have weak random numbers as a
result. The OpenSSH code integrated into NetBSD-1.5 and
NetBSD-current uses this device (via /dev/urandom) directly as a
source of randomness to seed key generation. If it is not
available, it falls back to the OpenSSL library as an alternate
source of random input, which will in turn fail to open the device
and fall back on its weak internal initialiser. Other programs
which rely on OpenSSL will be similarly affected.



Solutions and more information are available in the whole advisory.



Download this advisory


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »