The CERT Coordination Centre is warning of a security vulnerability – which could also affect Macs – and allow a remote hacker to run code or launch denial-of-service attacks against computers running OpenSSH.
The vulnerability affects OpenSSH versions prior to 3.7. Mac OS X 10.2.6 ships with OpenSSH 3.4. OpenSSH ships with many Unix and Linux systems and hardware devices. All will have to be patched, said Dan Ingevaldson, engineering manager of Internet Security Systems' (ISS's) X-Force security group.
OpenSSH is used by network administrators to communicate remotely with hardware devices, replacing earlier communications tools such as telnet and rlogin (remote login) that sent communications in unencrypted form.
The exploitable flaw is in the buffer-management function of OpenSSH, and could make it possible for remote attackers to cause a buffer overflow on vulnerable machines, according to CERT.
Attackers would need to modify certain OpenSSH parameters and send extra large SSH data packets, perhaps larger than 10MB, to vulnerable machines to create the buffer overflow, Ingevaldson said.
The OpenBSD project issued a security alert for OpenSSH and a new version, 3.7.1, yesterday, and encouraged companies using affected versions of the suite to upgrade to the latest version or apply a software patch.
Apple is expected to release a Security Software update to address the problem in the coming days.