CERT: Plug Secure Shell holes before holidays

From...

By Joris Evers

(IDG) -- Administrators of Unix systems running Secure Shell (SSH) should check all security holes are plugged before going home for the holidays because of increased hacker activity, security experts warned last week.

"We are seeing a high amount of scanning for SSH daemons, and we are receiving reports of exploitation," the Computer Emergency Response Team/Coordination Center (CERT/CC) said in an advisory.

Although vulnerabilities in several implementations of the SSH protocol have been disclosed earlier and patches and software updates have been issued, CERT/CC says it "believes that many system and network administrators may have overlooked one or more of these vulnerabilities."

IDG.net INFOCENTER InfoWorld Main Page InfoWorld Test Center Subscribe to InfoWorld Newsletters Infoworld Opinions and Spotlights Features PC World.com Product Finder Bluetooth wireless connectivity set to take off DSL in distress Visit an IDG site Choose a site: IDG.net CIO Computerworld Darwin Dummies.com GamePro.com The Industry Standard ITWorld.com InfoWorld.com JavaWorld LinuxWorld Macworld Online Network World Fusion PC World Publish.com UnixInsider IDG.net search

Not securing a system could allow an attacker to take over the system by exploiting a vulnerability, CERT/CC warned, stressing that administrators should "ensure that they have applied all relevant patches prior to the holiday break."

The warning comes a day after CERT/CC advised users to implement SSH because of a security problem that plagues certain Unix flavors.

SSH is widely used for secure remote terminal connections and file transfers between a client and a server running Unix and its derivatives. SSH tools are distributed for free by the OpenBSD project (OpenSSH) and sold by vendors including SSH Communications Security Corp. and F-Secure Corp.

"This is a very truthful advisory," said Janne Saarikko, product manager for Secure Shell at SSH in Finland. "There are several reports that there is a lot of scanning and hacking. We advise users to check that they are running SSH2 and not SSH1."

CERT/CC also cautions users that merely upgrading to SSH2 isn't enough. SSH2 will use parts of SSH1 when present, putting the server at risk. The solution is to remove SSH1 before installing SSH2, Saarikko said.

"Most of the vulnerabilities are related to the SSH1 protocol. The message is that nobody should have an SSH1 daemon running," he said, adding that his company expected to publish an advisory similar to the CERT/CC bulleting later Friday.