The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of OpenSSH: information disclosure via CBC

Synthesis of the vulnerability 

An attacker capturing an OpenSSH session has a low probability to obtain 32 bits of plain text.
Vulnerable software: Avaya Ethernet Routing Switch, CheckPoint Power-1 Appliance, SecurePlatform, CheckPoint Smart-1, CheckPoint UTM-1 Appliance, CheckPoint VSX-1, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, AIX, NetBSD, OpenSolaris, OpenSSH, Solaris, RHEL.
Severity of this announce: 1/4.
Creation date: 18/11/2008.
Revision date: 21/11/2008.
Références of this computer vulnerability: 247186, 6761890, BID-32319, CPNI-957037, CVE-2008-5161, DSA-2019-197, NetBSD-SA2009-005, RHSA-2009:1287-02, sk36343, sol14609, VIGILANCE-VUL-8251, VU#958563.

Description of the vulnerability 

The OpenSSH program encrypts data of sessions using a CBC (Cipher Block Chaining) algorithm by default.

If an attacker creates an error in the session,
 - he has one chance over 262144 (2^18) to obtain 32 bits of the unencrypted session
 - he has one chance over 16384 (2^14) to obtain 14 bits of the unencrypted session
This attack interrupts the SSH session, so the victim detects that a problem occurred.

This vulnerability does not impact the CTR (Counter) algorithm.

An attacker capturing an OpenSSH session, and injecting invalid data, thus has a low probability to obtain some bits of plain text.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This vulnerability impacts software or systems such as Avaya Ethernet Routing Switch, CheckPoint Power-1 Appliance, SecurePlatform, CheckPoint Smart-1, CheckPoint UTM-1 Appliance, CheckPoint VSX-1, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, AIX, NetBSD, OpenSolaris, OpenSSH, Solaris, RHEL.

Our Vigil@nce team determined that the severity of this security announce is low.

The trust level is of type confirmed by the editor, with an origin of LAN.

An attacker with a expert ability can exploit this computer vulnerability note.

Solutions for this threat 

OpenSSH: version 5.2.
Version 5.2 is corrected:
  http://www.openssh.com/

OpenSSH: workaround for CBC.
A workaround is to remove all CBC algorithms in the Cyphers directive of sshd_config, and to use for example:
  Ciphers aes128-ctr,aes192-ctr,aes256-ctr

AIX: OpenSSH version 5.2p1.
OpenSSH version 5.2p1 is corrected:
AIX 5.3:
  http://downloads.sourceforge.net/openssh-aix/openssh_5.2p1_aix53.tar.Z
AIX 6.1:
  http://downloads.sourceforge.net/openssh-aix/openssh_5.2p1_aix61.tar.Z

Avaya Ethernet Routing Switch 4800: version 5.10.1.
The version 5.10.1 is fixed:
  http://support.avaya.com/

Avaya Ethernet Routing Switch 4800: version 5.9.5.052/053.
The version 5.9.5.052/053 is fixed:
  http://www.avaya.com/

Check Point SecurePlatform: response for SSH.
Check Point indicates that future versions of SecurePlatform will be corrected.

Dell EMC VNXe: version MR4 Service Pack 5.
The version MR4 Service Pack 5 is fixed:
  https://www.dell.com/support/

F5: fixed versions for OpenSSH.
Fixed versions are indicated in information sources.

NetBSD: patch for ssh.
A patch is available in information sources.

RHEL 5: new openssh packages.
New packages are available:
  openssh-4.3p2-36.el5

Solaris: patch for SSH.
A workaround is to remove all CBC algorithms in the Cyphers directive of sshd_config.
A patch is available:
  SPARC Platform
    Solaris 9 : 122300-38
    Solaris 10 : 140774-02
    OpenSolaris : snv_105
  x86 Platform
    Solaris 9 : 122301-38
    Solaris 10 : 140775-02
    OpenSolaris : snv_105
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerability analysis. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.