__________________________________________________________

             The U.S. Department of Energy
         Computer Incident Advisory Center
__________________________________________________________

                 INFORMATION BULLETIN

        SSHD "AllowedAuthentications" Vulnerability
         [SSH Communications Security Advisory]

May 22, 2002 17:00 GMT                                            Number M-081
______________________________________________________________________________
PROBLEM:       A remotely exploitable authentication vulnerability exists in
               the SSH Communications Security SSH Secure Shell server, and
               possibly other SSH servers.

PLATFORM:      Commercial and non-commercial versions of SSH Secure Shell for
               Servers, SSH Secure Shell for Workstations (UNIX client running
               in server mode) and SSH Secure Shell for Windows Servers 3.0
               through 3.1.1

DAMAGE:        An attacker can attempt to authenticate to the vulnerable SSH
               server using password authentication, even if the server is
               configured to only allow public key authentication.

SOLUTION:      Apply a patch from your vendor or upgrade your software.
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. As this information becomes widely known,
ASSESSMENT:    your systems could be at even greater risk if appropriate
               measures are not taken immediately.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/m-081.shtml
 ORIGINAL BULLETIN:  http://www.ssh.com/products/ssh/advisories/authentication.cfm
______________________________________________________________________________

[***** Start SSH Communications Security Advisory *****]

Security Advisory Regarding Vulnerability in SSH Secure Shell for Servers,
SSH Secure Shell for Workstations (UNIX client running in server mode) and
SSH Secure Shell for Windows Servers versions 3.0 through 3.1.1

SSH advises all users of commercial and non-commercial versions of SSH Secure
Shell for Servers, SSH Secure Shell for Workstations (UNIX client running in
server mode) and SSH Secure Shell for Windows Servers 3.0 through 3.1.1 to
ensure the security of their systems.

SSH Secure Shell for Workstations Windows client and SSH Secure Shell for
Handhelds are NOT affected by this vulnerability.

Short Explanation of the Vulnerability

In configurations where the "AllowedAuthentications" entry in the
configuration options (in SSH Secure Shell for Servers and SSH Secure Shell for
Windows Servers) does not include the keyword "Password" as an authentication
option, some clients based on secure shell protocol version 2 may be capable of
overriding the configuration and still achieving password authentication,
contrary to the explicit denial of password authentication.

This may lead to a situation in which stronger authentication methods, such as
SecurID or digital certificates, are being enforced, but weak passwords may
have been defined by a system administrator because password authentication is
not expected to take place at all. As some secure shell protocol 2 based
clients may be capable of overriding this system configuration, an opportunity
to exploit these weak passwords may arise.
For a more complete technical description of the vulnerability, please see the
paragraph "Technical Description of the Vulnerability" below.

Solutions to this Vulnerability:

 - Workaround by using "RequiredAuthentications"
 - Upgrading to SSH Secure Shell for Servers, SSH Secure Shell for
   Workstations (UNIX) and SSH Secure Shell for Windows Servers 3.1.2
 - Recompiling with the patch

SSH Secure Shell for Servers, SSH Secure Shell for Workstations and SSH Secure
Shell for Windows Servers version 3.1.2 fixes this problem. All existing
customers of SSH Secure Shell for Servers and SSH Secure Shell for Windows
Servers 3.0 through 3.1.1 have been provided with SSH Secure Shell for Servers
3.1.2, SSH Secure Shell for Workstations 3.1.2 or SSH Secure Shell for Windows
Servers 3.1.2.

We apologize for any inconvenience this may cause. SSH Communications Security
takes security issues very seriously, and a CERT advisory, a submission to
Bugtraq and a notification to customers regarding this issue have been
distributed.

Please make every effort to ensure that your systems are protected using one
of the above methods as quickly as possible. As this information becomes
widely known, your systems could be at even greater risk if appropriate
measures are not taken immediately.

SSH is Fully Committed to Serving and Supporting our Users.

Please direct any questions you may have to the following:

Commercial customers:
  http://www.ssh.com/support/ssh/commercial_support.cfm

Evaluating customers:
  http://www.ssh.com/support/ssh/pre-sales_support.cfm

Non-Commercial customers:
  Please note that SSH cannot promise individual responses to non-commercial /
  educational users. We are fully committed to serving and supporting our
  non-commercial users through the web, and will make publicly available any
  relevant information possible which addresses your questions and concerns.
  Please use the non-commercial support web pages at:
  http://www.ssh.com/support/ssh/non-commercial_support.cfm

Technical Description of the Vulnerability:

The server configuration variable "AllowedAuthentications" can be overridden
by a client, ignoring the server's list of allowed authentication methods. For
example, if the server configuration sshd2_config specifies:

    AllowedAuthentications hostbased, publickey

it is possible to log in using password authentication with, for example, old
PuTTY client versions.

A workaround is to use the "RequiredAuthentications" keyword instead of
"AllowedAuthentications" in sshd2_config:

    RequiredAuthentications hostbased, publickey

This will require both hostbased and publickey authentication to succeed
before the user is granted access to the system. RequiredAuthentications will
be enforced even if the client attempts to force a disallowed authentication
method.

Copyright © 2002 SSH Communications Security - All Rights Reserved

[***** End SSH Communications Security Advisory *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of SSH Communications Security for
the information contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Center, is the computer security incident
response team for the U.S. Department of Energy (DOE) and the emergency backup
response team for the National Institutes of Health (NIH). CIAC is located at
the Lawrence Livermore National Laboratory in Livermore, California. CIAC is
also a founding member of FIRST, the Forum of Incident Response and Security
Teams, a global organization established to foster cooperation and
coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH.
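The following audit script illustrates the configuration point in the advisory's "Technical Description of the Vulnerability": an sshd2_config that denies password logins only through "AllowedAuthentications" is not actually enforced on servers 3.0 through 3.1.1, while "RequiredAuthentications" is enforced (at the cost of requiring every listed method to succeed). It is an added example for this bulletin, not CIAC's or SSH's own tooling. It assumes sshd2_config lines take the form "Keyword value" with "#" comments and comma-separated method lists (matched case-insensitively); the config fragments and the "Port" line are constructed for the example.

```python
"""Audit an sshd2_config fragment for the AllowedAuthentications weakness
described in CIAC M-081 (the SSH Communications Security advisory above).

Added example for this bulletin; it is not CIAC's or SSH's own tooling.
Assumptions: sshd2_config lines are "Keyword value" with '#' comments and
comma-separated method lists; keywords are matched case-insensitively;
the config fragments below are constructed for the example.
"""
import re

# Constructed sample: the intent is "no password logins", expressed with the
# keyword the advisory says affected servers (3.0 through 3.1.1) can be
# talked out of by some protocol-2 clients.
VULNERABLE_CONFIG = """\
# sshd2_config (constructed sample)
Port                       22
AllowedAuthentications     hostbased, publickey
"""

# Constructed sample of the advisory's workaround: RequiredAuthentications is
# enforced, but note that now BOTH listed methods must succeed.
WORKAROUND_CONFIG = """\
# sshd2_config (constructed sample)
Port                       22
RequiredAuthentications    hostbased, publickey
"""


def parse_config(text):
    """Map lowercased keyword -> list of lowercased comma-separated values.
    A later line for the same keyword overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1]
        settings[keyword] = [v.strip().lower() for v in value.split(",") if v.strip()]
    return settings


def is_affected_version(version):
    """True for the server versions the advisory lists: 3.0 through 3.1.1.
    3.1.2 is the fixed release."""
    parsed = tuple(int(part) for part in version.split("."))
    return (3, 0) <= parsed < (3, 1, 2)


def audit(config_text, server_version):
    """Classify whether password authentication is really denied.

    Returns (status, explanation) where status is one of:
      "denied-enforced"   RequiredAuthentications is used and omits password
      "denied-bypassable" only AllowedAuthentications denies it, on an
                          affected version (the M-081 condition)
      "denied"            only AllowedAuthentications denies it, fixed version
      "permitted"         the fragment does not deny password authentication
    """
    cfg = parse_config(config_text)
    required = cfg.get("requiredauthentications")
    allowed = cfg.get("allowedauthentications")

    if required is not None:
        if "password" in required:
            return "permitted", "RequiredAuthentications lists password"
        return ("denied-enforced",
                "RequiredAuthentications is enforced even against a client "
                "forcing a method; every listed method must succeed: "
                + ", ".join(required))

    if allowed is not None and "password" not in allowed:
        if is_affected_version(server_version):
            return ("denied-bypassable",
                    "AllowedAuthentications omits password, but server %s is "
                    "in the affected range; a client may still obtain password "
                    "authentication. Upgrade to 3.1.2 or switch to "
                    "RequiredAuthentications." % server_version)
        return "denied", "AllowedAuthentications omits password on a fixed server"

    return "permitted", "fragment does not exclude password authentication"


def apply_workaround(config_text):
    """Rewrite AllowedAuthentications lines to RequiredAuthentications, the
    advisory's workaround. Semantics change from 'any of' to 'all of'."""
    return re.sub(r"^([ \t]*)AllowedAuthentications\b",
                  r"\1RequiredAuthentications",
                  config_text, flags=re.MULTILINE | re.IGNORECASE)


if __name__ == "__main__":
    for label, text in (("original", VULNERABLE_CONFIG),
                        ("workaround", apply_workaround(VULNERABLE_CONFIG))):
        for version in ("3.1.1", "3.1.2"):
            status, why = audit(text, version)
            print("%-10s sshd2 %s: %-17s %s" % (label, version, status, why))
```

Running the script reports "denied-bypassable" for the original fragment on 3.1.1 and "denied" on 3.1.2, and "denied-enforced" for the rewritten fragment on either version. Before applying the rewrite to a real server, confirm that every account can satisfy all of the listed methods, since RequiredAuthentications demands each of them rather than any one.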
CIAC can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process, or
service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

M-071: Oracle9i User Privileges Vulnerability
M-072: FreeBSD stdio File Descriptors Vulnerability
M-073: Microsoft Outlook E-mail Editor Vulnerability
M-074: SGI IRIX cpr Vulnerability
M-075: HP Security Vulnerability in MPE/iX FTPSRVR
M-076: SGI IRIX nsd symlink Vulnerability
M-077: SGI IRIX Xlib Vulnerability
M-078: Sun Heap Overflow in Cachefs Daemon (cachefsd)
M-079: Format String Vulnerability in ISC DHCPD
M-080: SGI IRIX fsr_xfs Vulnerability