Summary
OpenSSH Vulnerability Response
Details
The Trend Micro TippingPoint S-Series, N-Platform and NX Intrusion Prevention Systems (IPS) implement customized versions of SSH that advertise standard banners in order to interoperate with all SSH clients. The SSH implementations within TippingPoint IPS models have been customized because they were ported to the VxWorks operating system; there is therefore no exactly equivalent OpenSSH version number to compare against.
The vulnerability assessment report indicates that the S-Series, N and NX management ports may be vulnerable to the issues it found. Trend Micro TippingPoint has revisited its analysis of these potential vulnerabilities against the SSH implementations available in the most current TOS release for our S-Series, N and NX models. These TOS versions use the third-party library SSHield 2.2.0 from Team F1, which is based on OpenSSH 3.5p1.
The responses to the individual vulnerability warnings are based on information from Trend Micro TippingPoint’s library vendor (Team F1). The analysis concluded that Trend Micro TippingPoint’s S-Series, N and NX Platform IPS models are not susceptible to any of the SSH vulnerabilities highlighted by the network scanning software.
It is important to note that the IPS is an inline Layer 2 device with no MAC address or IP address in the data path. Any potential vulnerability could only be exploited on its management port. Trend Micro TippingPoint therefore recommends that all customers secure network access to the management port of their IPS using an ACL or a management VLAN.
It is also important to highlight that VA scanning tools generally read the advertised banner version and simply infer potential vulnerabilities that could be present. Only a tool that actually attempts to exploit an SSH weakness could provide a definitive statement as to the vulnerability of a product. Trend Micro TippingPoint is not aware of any SSH attacks having been successfully launched against any of our customers’ IPS systems.
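To make the banner-inference point concrete, the following added example (not code from Trend Micro, TippingPoint or Team F1) parses the SSH identification string defined in RFC 4253 section 4.2 and emulates a scanner's banner-only version check. The `fixed_in` threshold and sample banners are constructed for illustration; the point is that the result is evidence from the banner alone and says nothing about the code actually running behind it.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
BANNER_RE = re.compile(r"^SSH-(?P<proto>[^-]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
# OpenSSH software strings look like "OpenSSH_3.5p1"; the "pN" suffix is the portable release.
OPENSSH_RE = re.compile(r"^OpenSSH_(?P<ver>\d+(?:\.\d+)*)(?:p(?P<portable>\d+))?")


@dataclass
class Banner:
    proto: str
    software: str
    comments: Optional[str]


def parse_banner(line: bytes) -> Banner:
    """Split an SSH identification line into protocol version, software version and comments."""
    text = line.decode("ascii").rstrip("\r\n")
    m = BANNER_RE.match(text)
    if not m:
        raise ValueError(f"not an SSH identification string: {text!r}")
    return Banner(m["proto"], m["software"], m["comments"])


def openssh_version(software: str) -> Optional[Tuple[int, ...]]:
    """Turn 'OpenSSH_3.5p1' into a comparable tuple (3, 5, 0, 1); None if not OpenSSH."""
    m = OPENSSH_RE.match(software)
    if not m:
        return None
    parts = [int(x) for x in m["ver"].split(".")]
    while len(parts) < 3:          # pad so 3.5 and 3.5.0 compare equal
        parts.append(0)
    parts.append(int(m["portable"] or 0))
    return tuple(parts)


def banner_inference(line: bytes, fixed_in: str) -> dict:
    """Emulate a banner-only scanner rule: flag when the advertised OpenSSH version is older
    than the (constructed, hypothetical) fixed_in version. The result is labelled 'banner-only'
    because a ported or customized build may advertise a standard banner without sharing
    the vulnerable code path, which is exactly the false-positive case described above."""
    banner = parse_banner(line)
    advertised = openssh_version(banner.software)
    if advertised is None:
        return {"software": banner.software, "flagged": False,
                "evidence": "banner-only", "reason": "software string is not OpenSSH"}
    flagged = advertised < openssh_version(f"OpenSSH_{fixed_in}")
    reason = "advertised version older than fix" if flagged else "advertised version at or above fix"
    return {"software": banner.software, "flagged": flagged, "evidence": "banner-only", "reason": reason}
```

A flagged result from this kind of check is a prompt to verify the actual build (vendor statement, patch level, or an authenticated check), not proof of exposure.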
If you have concerns or further questions regarding this issue, contact the Trend Micro TippingPoint Technical Assistance Center (TAC).
Thank you,
Trend Micro TippingPoint