Info

Disclosure

Aug 31, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

OpenSSH contains a flaw that may allow a authenticated attacker to perform a port bouncing attack. The issue is triggered when the 'AllowTcpForwarding' option is enabled in the sshd_config file. This may make it possible for a malicious user to use SSH to access an anonymous service (i.e. AnonCVS) and forward connections to arbitrary ports via this vulnerable service.

Classification

Location: Remote/Network Access Required
Attack Type: Misconfiguration
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: change AllowTcpForwarding option to "no" in sshd_config file.

Products

OpenBSD

OpenSSH

3.9

References

Security Tracker: 1011143
ISS X-Force ID: 17213
CVE ID: 2004-1653 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0009.html
Other Advisory URL: http://pacsec.jp/advisoryarchive.html?LANG=ENGLISH
Vendor URL: http://www.openssh.org/

Credit

Dragos Ruiu - drkyx.ne - PacSec

Direct URL: http://osvdb.org/36218