SSH Communications Security - original developer of the Secure Shell protocol

News

November 14, 2008

Plaintext Recovery Attack Against SSH

CPNI Advisory Reference CPNI-957037
http://www.cpni.gov.uk/Products/3716.aspx

A security issue has been found that also affects the SSH Tectia client/server solution. This issue can create a vulnerability in systems that have the SSH Tectia Client or SSH Tectia Server package installed. The issue is in the SSH protocol specification itself, and as such it also affects other SSH implementations in addition to SSH Tectia.

DESCRIPTION

An attacker who is able to listen to an encrypted Secure Shell (SSH) connection and actively take over the underlying network connection (TCP) can in some situations obtain up to 4 bytes of cleartext data from the session. The attack attempt causes the attacked connection to be disconnected immediately. The attack works only against protocol sessions that are encrypted using a block cipher algorithm in cipher-block chaining (CBC) mode. Exploiting this vulnerability is very difficult.

AFFECTED PRODUCTS

  • SSH Tectia Client and Server and ConnectSecure 6.0.4 and older in the 6.x series
  • SSH Tectia Client and Server and Connector 5.3.8 and older in the 5.3.x series
  • SSH Tectia Client and Server and Connector 5.2.4 and older in the 5.x series
  • SSH Tectia Client and Server and Connector 4.4.11 and older in the 4.x series
  • SSH Tectia Server for Linux on IBM System z 6.0.4
  • SSH Tectia Server for IBM z/OS 6.0.1 and 6.0.0
  • SSH Tectia Server for IBM z/OS 5.5.1 and older
  • SSH Tectia Client 4.3.3-J (Japanese) and older in the 4.x-J series
  • SSH Tectia Client 4.3.10-K (Korean) and older in the 4.x-K series

PRODUCTS NOT AFFECTED

  • SSH Tectia Client and Server and ConnectSecure 6.0.5
  • SSH Tectia Client and Server and Connector 5.3.9
  • SSH Tectia Client and Server and Connector 5.2.5
  • SSH Tectia Client and Server and Connector 4.4.12
  • SSH Tectia Server for Linux on IBM System z 6.0.5
  • SSH Tectia Server for IBM z/OS 6.0.2
  • SSH Tectia Server for IBM z/OS 5.5.2
  • SSH Tectia Client 4.3.4-J (Japanese)

FIX / WORK-AROUND

An immediate workaround is to refrain from using CBC mode block ciphers in Secure Shell (SSH) sessions. In practice this is achievable with the SSH Tectia products by using either the CryptiCore or the Arcfour encryption algorithm.

We recommend that you also update your system to an SSH Tectia client/server solution version which is not vulnerable. Once the update has been made, you can safely use the CBC mode block ciphers again.
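To check whether a given client/server pair would still negotiate a CBC mode cipher, the following added example (not code from SSH Communications Security) parses the encryption name-lists of each side's SSH_MSG_KEXINIT payload as laid out in RFC 4253 and applies the protocol's selection rule. The payloads are constructed sample data, and treating any cipher name that contains "-cbc" as CBC mode is an assumption of this example.

```python
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253, section 7.1
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload into its ten name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += n
    return lists

def negotiated(client: list, server: list):
    """RFC 4253: first name on the client's list that the server also offers."""
    return next((name for name in client if name in server), None)

def cbc_exposure(client_payload: bytes, server_payload: bytes) -> dict:
    """Return the cipher each direction would use and whether it is CBC mode."""
    c, s = parse_kexinit(client_payload), parse_kexinit(server_payload)
    report = {}
    for direction in ("enc_c2s", "enc_s2c"):
        chosen = negotiated(c[direction], s[direction])
        report[direction] = (chosen, chosen is not None and "-cbc" in chosen)
    return report

def build_kexinit(ciphers: list) -> bytes:
    """Build a constructed test payload (sample data, not captured traffic)."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    lists = [["diffie-hellman-group14-sha1"], ["ssh-rsa"], ciphers, ciphers,
             ["hmac-sha1"], ["hmac-sha1"], ["none"], ["none"], [], []]
    body = b"".join(name_list(l) for l in lists)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    client = build_kexinit(["aes128-cbc", "aes128-ctr", "arcfour"])
    print(cbc_exposure(client, build_kexinit(["aes128-ctr", "aes128-cbc"])))
    print(cbc_exposure(client, build_kexinit(["aes128-ctr", "arcfour"])))
```

Because the client's preference order decides the outcome, a server that merely lists a non-CBC cipher first still ends up on CBC with a client that prefers it; the CBC names have to be removed from at least one side's list.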

UPDATING SSH TECTIA CLIENT AND SSH TECTIA SERVER

If you are a currently active Maintenance Customer, you can download the installation packages from the SSH Customer Download Center at https://downloads.ssh.com. The products provided there include valid license files.

If you are not a currently active Maintenance Customer, you can reinstate your Maintenance by contacting your SSH Sales office. Go to http://www.ssh.com for contact info.

SSH Communications Security apologizes for any inconvenience that this vulnerability may have caused. We take the security of our customers' systems very seriously and do our utmost to provide secure software with minimum defects. We strongly urge all customers to consider the implications of this vulnerability carefully and to make an informed decision on what actions to take.

SSH Corp. Contact
George Adams
SSH Communications Security Corp.
Tel: +1 781 247 2100

Americas Contact
Byron Rashed
SSH Communications Security, Inc.
Tel: +1 650 251 2721

Europe Contact
Bo Sorensen
SSH Communications Security Corp.
Tel: +358 20 500 7404

Investor Relations
Mika Peuranen
SSH Communications Security Corp.
Tel: +358 20 500 7419

U.S. Agency Contact
Cheryl Seaberg
Walt & Company
Tel: +1 408 496 0900 x 2981


Copyright © 2009 SSH Communications Security. Read our legal notice and privacy policy.