Amajor vulnerability has just been found in one of the most widely used versions of the secure shell protocol. Older versions of OpenSSH are vulnerable to attacks whereby malicious servers can force users to leak their private keys.
Researchers at Qualys,
Turn Off Roaming
Users who may be vulnerable to the attack are urged to upgrade to the latest version of OpenSSH as soon as possible, according to the advisory. For anyone unable to update to the latest version, the vulnerable code can also be completely disabled by adding 'UseRoaming no' to the gobal ssh_config(5) file or to the user configuration in ~/.ssh/config, or by passing -oUseRoaming=no on the command line.
At the heart of the vulnerability is an undocumented feature called “roaming" that has been supported ever since OpenSSH 5.4 was released in 2010. The exploit requires an attacker to have access to a malicious SSH server. For the exploit to work, the user must have already been successfully authenticated, which reduces the likelihood of an attack.
“The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys,” according to the researchers. “The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers.”
Nevertheless, sophisticated and determined attackers could take advantage of the exploit, and may have already done so in the wild. Qualys advised high-profile sites and users to regenerate their SSH keys as a precautionary measure.
Vulnerable for Years
We reached out to Michela Menting, digital security research director at ABI Research, to get her thoughts on the situation. Menting said the exploit may have contributed to some of the biggest hacks we’ve seen in the last several years.
“Clearly the ability to obtain private keys is extremely serious,” Menting said. “The implications are huge and will not just include disabling the bugged functionality, but also revoking and regenerating keys -- a costly and time consuming effort.”
What is equally disturbing is that the exploit has been in the wild for years, she added. “This means attackers (in the know) would have been in an extremely profitable position to take advantage of this zero-day for an extended period of time," Menting said. "This would have been quite valuable for sophisticated attacks, and would have easily contributed to the success of highly complex state-sponsored attacks over the years and easy lateral movements and privilege escalation within a network.”
Systems and network administrators should take immediate steps to patch or update their implementations, she added.