Bugtraq mailing list archives

Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0


From: Lucian Hudin <luci () warp transart ro>
Date: Mon, 23 Jul 2001 19:08:32 +0300 (EEST)


A quick glance at the source code suggests that SSH 2.3.0 and
2.4.0 have the same problem.  Is this true?

I suppose we are talking about this section of ssh 2.4.0's
sshunixuser.c:

      /* Authentication is accepted if the encrypted passwords are identical. */
    #ifdef HAVE_HPUX_TCB_AUTH
      return strncmp(encrypted_password, correct_passwd,
                     strlen(correct_passwd)) == 0;
    #else /* HAVE_HPUX_TCB_AUTH */
      return strcmp(encrypted_password, correct_passwd) == 0;
    #endif /* HAVE_HPUX_TCB_AUTH */

If I read this correctly, it's certainly not a problem unless ssh is
compiled with HAVE_HPUX_TCB_AUTH defined.  In that case, it may or

The Linux compile at least doesn't #define HAVE_HPUX_TCB_AUTH, so
sshd 2.4.0 is not vulnerable on Linux.

Luci
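
The difference between the two branches quoted in the message above, as an added example that is not part of the original post or of the SSH source: the strncmp() form is a prefix match bounded by the length of the stored field, while strcmp() requires whole-string equality. The function names, the MIN_HASH_LEN threshold and the hardened variant are assumptions made for illustration, and the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Comparison from the HAVE_HPUX_TCB_AUTH branch: only strlen(correct)
 * bytes are examined, so this is a prefix match. */
static int match_prefix(const char *encrypted, const char *correct)
{
    return strncmp(encrypted, correct, strlen(correct)) == 0;
}

/* Comparison from the #else branch: whole strings must be equal. */
static int match_exact(const char *encrypted, const char *correct)
{
    return strcmp(encrypted, correct) == 0;
}

/* Hypothetical hardened variant (assumption, not SSH code): reject stored
 * fields shorter than a traditional 13-character crypt() hash, require
 * equal lengths, and compare without an early exit. */
#define MIN_HASH_LEN 13
static int match_hardened(const char *encrypted, const char *correct)
{
    size_t n = strlen(correct), i;
    unsigned char diff = 0;
    if (n < MIN_HASH_LEN || strlen(encrypted) != n)
        return 0;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(encrypted[i] ^ correct[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed sample values, not real password hashes. */
    static const char *cases[][2] = {
        { "abJnggxhB/yJo", "abJnggxhB/yJo" },  /* identical hash      */
        { "abJnggxhB/yJo", "abQ9KY.KfrYrc" },  /* different hash      */
        { "abJnggxhB/yJo", "ab" },             /* short stored field  */
        { "abJnggxhB/yJo", "" },               /* empty stored field  */
    };
    size_t i;
    printf("%-14s %-14s prefix exact hardened\n", "encrypted", "stored");
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-14s %-14s %6d %5d %8d\n", cases[i][0], cases[i][1],
               match_prefix(cases[i][0], cases[i][1]),
               match_exact(cases[i][0], cases[i][1]),
               match_hardened(cases[i][0], cases[i][1]));
    return 0;
}
```

The two branches agree on the first two rows and disagree on the last two, which is the case to look for when auditing a build that defines HAVE_HPUX_TCB_AUTH.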


