Title: NetScreen Advisory 57961

Date: 18 September 2003

Version: 2

Impact: Potential Remote Code Execution via SSH Service

Affected Products: NetScreen-IDP

Max Risk: Critical

Summary:

A remotely exploitable vulnerability has been discovered in the OpenSSH
ssh service, which is installed on the IDP appliance. It is unknown at
this time if remote code execution is possible with this vulnerability;
however, a remote DoS of the SSH service is known to be possible.

Details:

Multiple buffer management errors have been discovered in OpenSSH
versions prior to 3.7.1. Exploitation of these flaws can result in a
denial of service (DoS) of the SSH service. The SSH service would need
to be restarted in order to recover from the DoS situation. It is
unknown at this time whether remote code execution is possible with this
vulnerability. The SSH service runs as the "root" user, which could
yield root permissions if remote code execution were possible.

More information can be found at the following CERT advisory page:

http://www.cert.org/advisories/CA-2003-24.html

--------------------------------------------------------------

Recommended Actions for IDP:

* Upgrade the SSH service using the packages from the NetScreen website
(instructions provided below).

* Use the Appliance Configuration Manager (ACM) to limit access to the
IDP's SSH service to known trusted source IPs only.

* If you do not use SSH to remotely manage the IDP, use the ACM to
disable the SSH service entirely.

=== How to Upgrade the SSH Service

1. Download the updated software from the following URL:

http://www.netscreen.com/cso

The updated software is contained in the following three files located
under the "IDP Operating System Updates" section:

Filename                          | MD5 Hash
----------------------------------+---------------------------------
openssh-3.1p1-14.i386.rpm         | e152465daf25063eec4281d332b2d34d
openssh-clients-3.1p1-14.i386.rpm | 49b7965f1cc8f21b93fff7c47091dab1
openssh-server-3.1p1-14.i386.rpm  | 6db356794fa4595491174e23b81ac744

2. Copy the RPM packages to the /tmp directory on the IDP appliance.

3. Log in to the IDP as the root user using the serial interface, or
directly on the appliance (keyboard/monitor). Do not attempt to
update the SSH packages using an SSH connection.

4. Remove the previous SSH packages by typing the following as the root
user:

rpm -e `rpm -qa | grep openssh`

5. Install the RPM packages by typing the following as the root user:

rpm -Uvh /tmp/openssh*

6. Restart the SSH service by typing the following as the root user:

service sshd restart
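
A pre-install check for the procedure above, added here as an example (it is not part of NetScreen's instructions): run it after step 2 and before step 4 to confirm that the three files in /tmp match the MD5 hashes listed in step 1 and that nothing else matches the openssh* glob used in step 5. The function name verify_packages is hypothetical, and the script assumes md5sum is available on the appliance.

```shell
#!/bin/sh
# Added example, not NetScreen code. Filenames and MD5 values are those
# listed in step 1 of the advisory; md5sum on the appliance is assumed.
ADVISORY_MANIFEST='e152465daf25063eec4281d332b2d34d  openssh-3.1p1-14.i386.rpm
49b7965f1cc8f21b93fff7c47091dab1  openssh-clients-3.1p1-14.i386.rpm
6db356794fa4595491174e23b81ac744  openssh-server-3.1p1-14.i386.rpm'

# verify_packages DIR [MANIFEST]   (hypothetical helper name)
# Returns 0 only if every file in the manifest exists in DIR with the listed
# MD5 and no other file in DIR matches the openssh* glob used in step 5.
verify_packages() {
    dir=$1
    manifest=${2:-$ADVISORY_MANIFEST}
    rc=0

    # 1. Every listed file must be present and match its published hash.
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING    $name"; rc=1; continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK         $name"
        else
            echo "MISMATCH   $name (got $got)"; rc=1
        fi
    done <<EOF
$manifest
EOF

    # 2. "rpm -Uvh /tmp/openssh*" installs anything the glob matches,
    #    so flag files that are not in the manifest.
    for f in "$dir"/openssh*; do
        [ -e "$f" ] || continue
        base=${f##*/}
        if ! printf '%s\n' "$manifest" | awk '{print $2}' | grep -qxF -- "$base"; then
            echo "UNEXPECTED $base"; rc=1
        fi
    done
    return $rc
}

# Usage on the appliance, before removing the old packages:
#   verify_packages /tmp && echo "hashes match; continue with step 4"
```

Running the check before step 4 matters because step 4 removes the existing SSH packages; a bad download found afterwards leaves the appliance without a working sshd until good packages are obtained.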

--------------------------------------------------------------

If you have not yet registered your product with NetScreen, you will
need to contact NetScreen Technical Support for special instructions on
how to obtain the fixed software. NetScreen Technical Support can be
reached from 8 a.m. to 5 p.m. Pacific time Monday through Friday
excluding weekends and observed holidays. You may contact them via email
at: customerservice@netscreen.com or via phone at: 408.730.6000 or
800.638.8296