NetWare SSHD.NLM - Not vulnerable to CVE-2008-1483, CVE-2006-4924, CVE-2006-4925

  • 7005435
  • 03-Mar-2010
  • 26-Apr-2012

Environment

Novell NetWare 6.5 Support Pack 8

Situation

Is NetWare SSHD.NLM vulnerable to CVE-2008-1483, CVE-2006-4924,  and/or CVE-2006-4925?

Resolution

NetWare OpenSSH is not vulnerable to to these CVE issues.  (This should not be taken to mean it is vulnerable to other CVEs not mentioned here.  This document was written in response to customer questions specific to these 3 items.)
 
CVE-2008-1483 : This vulnerability exists in X11 forwarding, which is not a feature implemented in NetWare SSHD, and therefore the vulnerability does not exist on NetWare.
 
CVE-2006-4924 :   This vulnerability deals with certain spoofing operations which can cause 100% CPU utilization for short periods of time.  A script which is verified to exploit this issue on vulnerable OpenSSH implementations was tested against NetWare SSHD, and showed no significant effect on NetWare CPU utilization, even under continuous attack.
 
CVE-2006-4925:  This vulnerability is registered against SSH clients, not SSH servers, so SSHD.NLM is not implicated.
 
[Side note:  Even when considering this CVE against SSH clients, this is not a true security vulnerability.  This issue describes certain events which can cause an SSH client process to crash.  The fix is to have the client exit gracefully (though still prematurely) rather than crash.  Either way, the events in question cause the client session to exit without completion.  In comparing an SSH client where this is fixed and one which is not fixed, it is a relatively cosmetic difference in error handling, not a security breach.]