Bugtraq mailing list archives
Re: severe error in SSH session key recovery patch
From: Andrew Brown <atatat () ATATDOT NET>
Date: Sun, 11 Feb 2001 12:07:39 -0500
-- With the patch, the lifespan of the server key still does not go below one minute. As mentioned in CORE SDI's advisory, the number of server connections necessary to carry out the attack is normally very large but "the number of connections given is for the average case and specifics cases will fall below the average". This suggests that is not entirely out of the question for the attack to succeed within one minute. If that risk is not appropriate in one's environment, then other measures (which may include inetd/tcpserver but may also include desupporting use of SSH protocol 1.5) are needed.
1) { 2) static time_t last_kill_time = 0; 3) if (time(NULL) - last_kill_time > 60 && getppid() != 1) 4) { 5) last_kill_time = time(NULL); 6) kill(SIGALRM, getppid()); 7) } 8) fatal("Bad result from rsa_private_decrypt"); 9) } actually...if we look at the lines that the patch adds, i think it's pretty clear that the variable last_kill_time, declared at line 2 to be static and initialized to 0, will always be 0 at line 3 (since it can't get set to anything else from other code...it's static), which means that the kill (and setting the actual of last_kill_time to something other than 0) will almost always take place (now - 0 is usually a lot more than 60), and the fact that it finally get set doesn't mean anything to anyone, since the only process that recorded that the signal was sent immediately exits at line 8. unless i'm missing something, this turns the vulnerability from a possible (but difficult) theft of a session key to very easy denial of service attack. all i need to do is keep connecting and screwing up and your main sshd will churn on and on making itself new server keys. -- |-----< "CODE WARRIOR" >-----| codewarrior () daemon org * "ah! i see you have the internet twofsonet () graffiti com (Andrew Brown) that goes *ping*!" andrew () crossbar com * "information is power -- share the wealth."
Current thread:
- severe error in SSH session key recovery patch Matt Power (Feb 10)
- Re: severe error in SSH session key recovery patch Andrew Brown (Feb 12)
- Re: severe error in SSH session key recovery patch Kari Hurtta (Feb 12)
- Re: severe error in SSH session key recovery patch Robert Varga (Feb 12)
- Re: severe error in SSH session key recovery patch Tatu Ylonen (Feb 13)
- Re: severe error in SSH session key recovery patch Andrew Brown (Feb 12)