Researchers Warn of Serious SSH Flaws

Security researchers have discovered a set of vulnerabilities in several vendors implementations of the SSHv2 protocol that could give an attacker the ability to execute code on remote machines. The new flaws are especially dangerous in that they occur before authentication takes place.

The SSH (secure shell) protocol is a transport layer protocol that enables clients to connect securely to a remote server. Its often used for remote administration purposes.

Although the results of exploiting one of these vulnerabilities varies by vendor and vulnerability, attackers could, in some cases, run code on remote machines or launch denial-of-service attacks. Rapid 7 Inc., the New York-based security company that found the vulnerabilities, only tested SSHv2 implementations but said that some SSHv1 implementations may be vulnerable as well.

Most of the flaws involve memory access violations and all of them are found in the greeting and key-exchange phase of the SSH transmission. Among the vendors whose products are vulnerable are SSH Communications Security Inc., F-Secure Corp., InterSoft International Inc., and several others. However, both SSH Communications and F-Secure say that the vulnerabilities are not exploitable in their software.