Bugtraq mailing list archives
Re: SSH 1 Why?
From: core.lists.bugtraq () CORE-SDI COM (Emiliano Kargieman)
Date: Wed, 15 Dec 1999 16:34:27 -0300
"Daniel P. Zepeda" wrote:
Hi, I've seen a lot of discussion about SSH 1 on this list. I read somewhere that even the authors of SSH recommended that SSH1 *not* be used anymore because there were some major holes in it, and that anybody serious should upgrade to SSH2. What am I missing here?
The short answer: theres a hughe installed base of SSH 1. The long one: Well, there is a problem in the way SSH protocol version 1.x (implemented in versions 1.x of the SSH software packages) handles integrity checking of the encrypted channel, that could allow an attacker to insert arbitrary commands to be executed on the server. This problem is inherent to the protocol and although there are ways to detect this attack, an upgrade of the protocol is recommended. See 199806120125.WAA05406 () takeover core com ar">http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-06-08&msg=199806120125.WAA05406 () takeover core com ar</A> What you are missing is the following: upgrading to SSH 2 implies upgrading to version 2 of the protocol, in order to prevent the abovementioned problem you can no longer support compatibility with version 1.x of the protocol. So you have to update all your SSH servers and clients. In the real world (somewhere around here?) updating all this clients takes can take a long time, so even if you are upgrading to version 2 you need to keep backwards compatibility for a while... that means, any problems found in SSH 1 still concern a lot of people (see the short answer for details). Cheers, -- Emiliano Kargieman <ek () core-sdi com> Director de Investigacion - CoreLabs - Core-SDI S.A. http://www.core-sdi.com --- For a personal reply use emiliano_kargieman () core-sdi com
Current thread:
- Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability, (continued)
- Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Ussr Labs (Dec 15)
- CERT Advisory CA-99-16 Buffer Overflow in Sun Solstice AdminSuite Daemon sadmind Elias Levy (Dec 14)
- Statement: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Jarle Aase (Dec 16)
- sshd1 allows unencrypted sessions regardless of server policy Markus Friedl (Dec 14)
- Re: sshd1 allows unencrypted sessions regardless of server policy Michael H. Warfield (Dec 14)
- Re: sshd1 allows unencrypted sessions regardless of server policy Pavel Machek (Dec 14)
- Re: sshd1 allows unencrypted sessions regardless of server policy Joseph Moran (Dec 14)
- Re: sshd1 allows unencrypted sessions regardless of server policy David Schwartz (Dec 15)
- SSH-1.2.27 & RSAREF2 exploit Iván Arce (Dec 14)
- SSH 1 Why? Daniel P. Zepeda (Dec 14)
- Re: SSH 1 Why? Emiliano Kargieman (Dec 15)
- Re: SSH 1 Why? Emiel Kollof (Dec 15)
- Re: SSH 1 Why? Iván Arce (Dec 16)
- Re: SSH 1 Why? R. J. Wysocki (Dec 18)
- Groupewise Web Interface Sacha Faust Bourque (Dec 19)
- Re: Groupewise Web Interface Raymond Dijkxhoorn (Dec 20)
- Re: Groupewise Web Interface Bayard G. Bell (Dec 21)
- Announcement: Solaris loadable kernel module backdoor plasmoid (Dec 20)
- Re: Announcement: Solaris loadable kernel module backdoor pedward () WEBCOM COM (Dec 21)
- Re: Announcement: Solaris loadable kernel module backdoor Marc Esipovich (Dec 22)
- Re: Announcement: Solaris loadable kernel module backdoor Steven Alexander (Dec 23)