Bugtraq mailing list archives
Re: SSH1 vulnerability ?
From: Peter van Dijk <peter () DATALOSS NL>
Date: Mon, 12 Feb 2001 14:58:32 +0100
On Sat, Feb 10, 2001 at 03:08:11PM +0200, Tatu Ylonen wrote:
On Fri, 9 Feb 2001, Christophe Dupre wrote (on the ssh () client fi list):I just read Razor's vulnerability advisory, as reported on slashdot. Any truth to it, or is it another wannabe ?I suppose you are referring to this one:"Bindview released an advisory yesterday warning us that "[a]n integer-overflow problem is present in common code of recent ssh daemons, deattack.c, which was developed by CORE SDI to protect against cryptographic attacks on SSH protocol. [...] This effectively allows an attacker to overwrite arbitrary portions of memory"SSH2 is not vulnerable to this issue at all. Thus, if you are using ssh-2.4.0, or any earlier version of SSH2, you are safe. The vulnerability only affects the SSH1 protocol. The bug in the deattack
This is incorrect. The CRC compensation attack affects the SSH1 protocol. This new vulnerability, however, only affects ssh1 implementations based on the original ssh-1.xx tree from the now ssh.com people, incorporating a 'fix' for the CRC compensation attack. This fix is broken. Rephrasing: the SSH1 protocol has a weakness. One implementation of the fix is vulnerable.
The effect of this particular vulnerability is that it may allow a highly advanced attacker to insert commands into an SSH1 session using an active network-level attack together with a cryptographic attack. I consider this something that needs to be fixed (the real fix is to move to SSH2), but it is not an immediate threat.
Not 'this' vulnerability. The old CRC compensation attack vulnerability. [snip]
Ssh-2.4.0 is available from www.ssh.com (or ftp://ftp.ssh.com/pub/ssh), and is completely free for any use on Linux, FreeBSD, NetBSD, and OpenBSD, as well as for use by universities and charity organizations, and for personal hobby/recreational use by individuals.
This message from Tatu is pure blatant marketing. It points out potential weaknesses in the ssh1 protocol that we knew about already, applying incorrect statements to either vulnerability (the one in the protocol and the one in the fix from their sourcetree), and then goes on about how the fix is to move to ssh.com's ssh2 software. It is *not* the only implementation! Greetz, Peter.
Current thread:
- Re: SSH1 vulnerability ? Tatu Ylonen (Feb 10)
- Re: SSH1 vulnerability ? Peter van Dijk (Feb 12)
- <Possible follow-ups>
- Re: SSH1 vulnerability ? Markus Friedl (Feb 12)
- Re: SSH1 vulnerability ? Frank Cusack (Feb 14)