Tools
Rapid7 research has identified several severe vulnerabilities in implementations of the SSH protocol. SSH (Secure SHell) is a protocol that allows two computers to connect securely and perform console and file transfer functions.
SSH is also widely used in "tunneling" mode, where applications that do not themselves use a secure channel are carried over one. Security is the primary reason for using SSH over functionally equivalent but less secure protocols. Since SSH is used by so many vendors in their products, these vulnerabilities are broad-based and extensive.
We have developed a suite of test cases (SSHredder) that examines the connection initialization, key exchange, and negotiation phase (KEX, KEXINIT) of the SSH transport layer protocol. The suite tests how an SSH transport layer implementation handles invalid or incorrect packet and string lengths, padding and padding length, malformed strings, and invalid algorithms. It may be downloaded free of charge and is published under the GNU licensing model, which restricts its republication. Using this suite, clients and vendors can exercise their SSH-based products and devices to detect protocol-handling problems.
All vulnerabilities were discovered using the automated SSHredder test suite, which Rapid7 has made publicly available. Get a free suite of test cases to identify security vulnerabilities in the SSH transport layer protocol.
Technical Details
SSHv2 client/server implementations from multiple vendors contain various vulnerabilities that could allow remote, unauthenticated attackers to execute arbitrary code with the privileges of the process or cause a denial of service. Successful exploitation of code-execution vulnerabilities against SSH servers would typically provide attackers with SYSTEM privileges under Windows and root privileges under Unix. Exploitation of clients would provide the privileges of the user running the client.
SSHredder contains over 600 distinct test cases that stress an SSH implementation by sending invalid or atypical packets during the connection initialization, key exchange, and negotiation phases of the protocol. These phases occur prior to user authentication.
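As an added example (not Rapid7's SSHredder code and not any vendor's implementation), the following Python parser shows the length and framing checks an SSH transport layer should apply to exactly the fields those test cases stress: packet_length, padding_length, string lengths and the algorithm name-lists in KEXINIT. Message layout and the 35000-byte limit follow RFC 4253; build_packet is a helper assumed here only to construct a sample packet.

```python
import struct

MAX_PACKET = 35000        # RFC 4253 s6.1: every implementation must accept packets this large
SSH_MSG_KEXINIT = 20
KEXINIT_FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s",
                  "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

class MalformedPacket(ValueError):
    """Packet breaks the transport-layer framing or KEXINIT layout rules."""

def parse_binary_packet(buf: bytes) -> bytes:
    """Return the payload of one unencrypted packet after checking every length field."""
    if len(buf) < 5:
        raise MalformedPacket("shorter than the packet_length/padding_length header")
    packet_length, padding_length = struct.unpack("!IB", buf[:5])
    if packet_length > MAX_PACKET or len(buf) != 4 + packet_length:
        raise MalformedPacket("packet_length above limit or not matching the buffer")
    if padding_length < 4 or padding_length + 1 > packet_length:
        raise MalformedPacket("padding_length inconsistent with packet_length")
    return buf[5:4 + packet_length - padding_length]

def _read_name_list(buf: bytes, off: int):
    """Parse one uint32-prefixed, comma-separated name-list (RFC 4253 s5)."""
    if len(buf) - off < 4:
        raise MalformedPacket("truncated name-list length")
    n = struct.unpack("!I", buf[off:off + 4])[0]
    off += 4
    if n > len(buf) - off:              # compare against what remains, never compute off + n first
        raise MalformedPacket("name-list length runs past the payload")
    raw = buf[off:off + n]
    names = raw.decode("ascii", "replace").split(",") if raw else []
    if not raw.isascii() or "" in names:
        raise MalformedPacket("non-ASCII byte or empty algorithm name in name-list")
    return names, off + n

def parse_kexinit(payload: bytes) -> dict:
    """Parse SSH_MSG_KEXINIT (RFC 4253 s7.1) into its ten algorithm name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise MalformedPacket("not a KEXINIT message")
    off, lists = 17, {}                 # skip the message byte and the 16-byte cookie
    for field in KEXINIT_FIELDS:
        lists[field], off = _read_name_list(payload, off)
    if len(payload) - off != 5:         # boolean first_kex_packet_follows + reserved uint32
        raise MalformedPacket("unexpected KEXINIT trailer length")
    return lists

def build_packet(payload: bytes, padding_length: int = 8) -> bytes:
    """Frame a payload as an unencrypted packet; used only to construct samples here."""
    packet_length = 1 + len(payload) + padding_length
    return struct.pack("!IB", packet_length, padding_length) + payload + bytes(padding_length)
```

Each rejected condition corresponds to one class of input the suite sends before authentication, so an implementation that passes these checks fails closed instead of reading past its buffers.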
The vulnerabilities affect many popular products in use today; however, some products are affected more severely than others. The advisories do not discuss the problems with particular implementations individually.
- Risk - Remote root/SYSTEM-level compromise of SSH servers, SSH client compromise, and denial of service.
- Deployment - Significant
- Ease of Exploitation - Straightforward
- Download - SSHredder (ZIP, 140 KB)
