
Technical Notes

Reflection for Secure IT Server Security Vulnerability Update and Workaround: SFTP Subsystem Server
Technical Note 1882
Last Reviewed 30-May-2006
Applies To
Reflection for Secure IT UNIX Server version 6.0
Reflection for Secure IT Windows Server version 6.0
F-Secure SSH Server for Windows version 5.x
F-Secure SSH Server for UNIX version 3.x through 5.x
Summary

This technical note describes a security vulnerability in Reflection for Secure IT Windows and UNIX Servers and F-Secure SSH Servers for Windows and UNIX. Please evaluate your exposure and either upgrade your systems with the fix we provide or apply the recommended workaround.

Note: This issue does not apply to Reflection for Secure IT UNIX or Windows Server version 6.1.

Overview

Attachmate Reflection for Secure IT and F-Secure sftp subsystem servers on UNIX and Windows contain a format string vulnerability that may enable an attacker to execute arbitrary code at the privilege of an authenticated user.

The Issue

The sftp subsystem logging functionality of the Secure Shell server contains a format string vulnerability.

The Impact

A remote attacker may be able to execute arbitrary code at the privilege of the user if the attacker can persuade an authenticated SSH user to stat a specially crafted file. A malicious authenticated user could also launch a denial-of-service attack against the SSH server.
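To make the bug class concrete, here is a constructed illustration of a format string defect in sftp request logging, with the fixed form beside it. This is added example code and not the Reflection or F-Secure sftp subsystem's own source; the function names, the "sftp stat:" record format and the "100%%.txt" file name are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class this note describes; it is NOT
 * code from the Reflection or F-Secure sftp subsystem. Scenario: the sftp
 * subsystem writes a log record for each stat request, and the file name in
 * that request is chosen by the client. */

/* VULNERABLE pattern: the untrusted path is passed as the FORMAT argument, so
 * any '%' conversions inside the file name are interpreted by snprintf. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security" /* compilers flag exactly this */
int log_stat_vulnerable(char *out, size_t outlen, const char *path)
{
    return snprintf(out, outlen, path);
}
#pragma GCC diagnostic pop

/* FIXED pattern: the format string is a compile-time constant and the path is
 * only ever a %s argument, so its bytes are copied into the record literally. */
int log_stat_fixed(char *out, size_t outlen, const char *path)
{
    return snprintf(out, outlen, "sftp stat: %s", path);
}

/* Reviewer's check: a correct logger reproduces the requested path byte for
 * byte in the record; if it does not, something interpreted the path. */
int record_preserves_path(const char *record, const char *path)
{
    return strstr(record, path) != NULL;
}

int main(void)
{
    char rec[128];
    /* "100%%.txt" is a legal file name; "%%" is the one conversion whose effect
     * is fully defined, so it shows the interpretation without undefined behaviour. */
    const char *name = "100%%.txt";

    log_stat_vulnerable(rec, sizeof rec, name);
    printf("vulnerable: %s (path preserved=%d)\n", rec, record_preserves_path(rec, name));
    log_stat_fixed(rec, sizeof rec, name);
    printf("fixed:      %s (path preserved=%d)\n", rec, record_preserves_path(rec, name));
    return 0;
}
```

The vulnerable logger turns "100%%.txt" into "100%.txt" because the file name was interpreted as a format; the fixed logger records it unchanged, and the same property holds for names containing "%n" or "%s".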

Affected Servers

The following versions of the Reflection and F-Secure SSH servers are affected by this issue. Evaluate your exposure and upgrade your systems.

  • Reflection for Secure IT Windows Server: all 6.0 versions
  • Reflection for Secure IT UNIX Server: all 6.0 versions
  • F-Secure SSH Server for Windows: all 5.x versions
  • F-Secure SSH Server for UNIX: all 5.x and 3.x versions

The Solution

The issue has been fixed in the following versions and builds, which are available for download from the Attachmate Download Library. The specific file locations are listed below.

Windows Server

Reflection for Secure IT Windows Server version 6.1
Reflection for Secure IT Windows Server version 6.0 build 38
F-Secure SSH Server for Windows version 5.3 build 35

UNIX Server

Reflection for Secure IT UNIX Server version 6.1
Reflection for Secure IT UNIX Server version 6.0.0.9
F-Secure SSH Server for UNIX version 5.0.8

Please upgrade your installation to address the vulnerability.

Note: If you have version 3.x of the F-Secure SSH UNIX Server, you can upgrade to a fixed version if your company has a current maintenance agreement. Otherwise, apply the workaround.

Obtaining the Upgrade Files

Maintained customers are eligible to download the updated packages from the Attachmate Download Library. You will need the login information sent from Attachmate to your "ship to" contact.

Follow these steps to download the latest version from the Download Library site.

  1. To upgrade the Reflection for Secure IT Windows Server, click https://download.attachmate.com/Upgrades/DownloadAgreement.aspx?code=RSS-WN
  2. To upgrade the Reflection for Secure IT UNIX Server, click https://download.attachmate.com/Upgrades/DownloadAgreement.aspx?code=RSS-UNIX

If you have questions about using the Download Library site, see Technical Note 0200.

Optional Workaround

If you have an existing installation and are not able to upgrade your SSH server to a fixed version, you can implement the following workaround to ensure that this vulnerability cannot be exploited.

On UNIX Servers

  1. Edit the SSH server's sshd2_config file:
    1. Change the line

       subsystem-sftp internal://sftp-server

       to

       subsystem-sftp sftp-server

       Note: This change disallows the use of chroot.

    2. Comment out the SftpSyslogFacility keyword line. Note: The line should begin with two "pound" signs, as in this example:

       ## SftpSyslogFacility LOCAL7

  2. Restart the SSH server to read the changes in the configuration file.

On Windows Servers

The only workaround is to disable the sftp subsystem. To disable the subsystem, follow the steps below.

Note: Disabling the sftp subsystem disables sftp file transfer support on the Windows Server.

  1. Edit the SSH server's sshd2_config file and comment out the subsystem-sftp line. Note: The line should begin with two "pound" signs, as in this example:

     ## subsystem-sftp "fsshsftpd.exe"

  2. Restart the SSH server to read the change in the configuration file.

Future Updates

Attachmate posts notifications of security vulnerabilities on our Support site. Check http://www.attachmate.com/Support/ for updates to Reflection products.

Related Technical Notes
0200 Using the Attachmate Download Library (FAQ)
1700 Reflection Security Topics
1708 Security Updates and Reflection
