(The Vendor Responds) Re: Secure Computing's SafeWord Agent for SSH Gives Remote Users Root Level Access to the SSH Server - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Security) > SafeWord Agent for SSH

Vendors: Secure Computing

(The Vendor Responds) Re: Secure Computing's SafeWord Agent for SSH Gives Remote Users Root Level Access to the SSH Server

SecurityTracker Alert ID: 1002852

SecurityTracker URL: http://securitytracker.com/id/1002852

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Nov 29 2001

Impact: Execution of arbitrary code via network, Root access via network

Vendor Confirmed: Yes

Description: Secure Computing's SafeWord Agent for SSH, which was available to some customers for use with the SafeWord PremierAccess product, is based on SSH code that is vulnerable to the CRC-32 compenstation attack security flaw. The underlying SSH server flaw allows remote users to gain root level access to the SSH server.

The vendor has provided a response to our original report which may have incorrectly implied that SafeWord PremierAccess was vulnerable.

The vendor notes that the SafeWord Agent for SSH is not an SSH server, but may be used along with a (vulnerable) SSH server. This Agent was made available via the Secure Computing web site and was not bundled with SafeWord PremierAccess. The Agent has since been removed from the web site and Secure Computing offers an alternative for customers that want to use SafeWord with an SSH server (see the Solution section). There is no flaw in SafeWord PremierAccess.

See the Source Message for the vendor's full response.

Impact: A remote user can gain root level access to the server running SafeWord Agent for SSH (due to the underlying flaw in the SSH server that would be running on that system). SafeWord PremierAccess is not affected.

Solution: Secure Computing recommends that if a customer is currently using or wishes to use a SSH server and protect it with SafeWord PremierAccess, they should use OpenSSH and use the SafeWord PremierAccess Agent for PAM. SafeWord PremierAccess operates with OpenSSH through the Pluggable Authentication Module (PAM) framework. Secure Computing has a detailed application note on how to use OpenSSH and the SafeWord PAM agent for authentication with SafeWord PremierAccess. Please go to
http://www.securecomputing.com/index.cfm?sKey=827 to access this application note.

Vendor URL: www.securecomputing.com/index.cfm?sKey=643 (Links to External Site)

Cause: Boundary error

Underlying OS: UNIX (Solaris - SunOS), Windows (2000)

Message History: This archive entry is a follow-up to the message listed below.

Secure Computing's SafeWord Agent for SSH is Based on Vulnerable SSH Code

Source Message Contents

Date: Wed, 28 Nov 2001 21:30:34 -0500
Subject: vendor response to a vulnerability report

This is Secure Computing's response to a security alert that was posted
on www.securitytracker.com on Nov 23, 2001. The posting was related
specifically to the SafeWord Agent for SSH (secure shell), but implied
there was a security risk directly tied to SafeWord PremierAccess, which is
false. Secure Computing has since removed the SafeWord Agent for SSH from the
Secure Computing public web site and is longer available from any
source.

Clarification on some misrepresentation in the original posting:

1) The SafeWord Agent for SSH was not an SSH server, it in fact was only
made up of modified files that were needed for a software build process.
This build process would then create the necessary binary files to allow
a SSH server to communicate with a SafeWord authentication server.
Unfortunately those modified files were based on SSH.com's ssh v1.2.27
which is possibly known to cause a vulnerability on SSH servers. Secure
Computing has since removed these modified files from our web site and regrets any inconvenience it may have caused our customers.

2) SafeWord PremierAccess or any other commercially available product from
Secure Computing has never shipped with the SafeWord Agent for SSH, and in
fact this code is not part of the currently shipping SafeWord PremierAccess
product nor is the SafeWord SSH agent on any of the PremierAccess CD's
available today, including the SafeWord Deployment CD, which includes
several different agents. The SafeWord SSH agent was only made available for
download from the SCC web site for customers who wished to build binary
files for use with SafeWord authentication servers. Again these files
have since been removed from the Secure Computing web site and can no longer
be downloaded.

3) SafeWord PremierAccess servers were never the cause of any security
vulnerabilities mentioned in this alert and PremierAccess continues to
set the standard in authentication and access control functionality.

It is recommended that if a customer is currently using or wishes to use
a SSH server and protect it with SafeWord PremierAccess, they should use
OpenSSH and use the SafeWord PremierAccess Agent for PAM. SafeWord
PremierAccess operates with OpenSSH through the Pluggable Authentication
Module (PAM) framework. Secure Computing has a detailed application note
on how to use OpenSSH and the SafeWord PAM agent for authentication with
SafeWord PremierAccess. Please go to
http://www.securecomputing.com/index.cfm?sKey=827 to access this
application note.

Thank you
Secure Computing

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC