Multiple SSH Client ssh-agent Forwarding Information Disclosure

2000-11-13T14:13:18
ID OSVDB:6248
Type osvdb
Reporter OSVDB
Modified 2000-11-13T14:13:18

Description

Vulnerability Description

OpenSSH's ssh client contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker attempts to gain acess to the ssh-agent of the client, which will be incorrectly permitted. This will disclose user keystroke information, resulting in a loss of confidentiality.

Technical Description

The problem occurs in the OpenSSH Client. The client does not sufficiently check for the ssh-agent forwarding options after an SSH session has been negotiated. This allows the server end of the SSH session to gain access to this resource on the client side. This could result in a malicious server gaining access to the local ssh-agent and remotely watching keystrokes.

Solution Description

Upgrade to version 2.3.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch, or by unsetting the $DISPLAY and $SSH_AUTH_SOCK environment variables.

Short Description

OpenSSH's ssh client contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker attempts to gain acess to the ssh-agent of the client, which will be incorrectly permitted. This will disclose user keystroke information, resulting in a loss of confidentiality.

Manual Testing Notes

Telnet Target IP Port 22. If returned header shows openssh version older than 2.3.0 system may be vulnerable.

References:

Vendor URL: http://www.chiark.greenend.org.uk/~sgtatham/putty/ Vendor Specific Solution URL: http://www.openbsd.com/errata27.html#sshforwarding Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Related OSVDB ID: 2114 Nessus Plugin ID:11343 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html ISS X-Force ID: 5517 CVE-2000-1169 CERT VU: 363181 Bugtraq ID: 1949