[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Don't panic (ssh)

On Mon, Jan 14, 2002 at 12:17:15PM +0000, Iain Tatch wrote:
> On 14 January 2002 at 11:48:34 crispin@iinet.net.au wrote:
> >> Have I missed something and was I already OK, or is the current stable
> >> potato release shipping with a potential ssh security hole?  
> > AFAIK, all SSH1 connections are vulnerable to the CRC32 attack. Thus you need
> > to use SSH2 protocol. OpenSSH supports SSH2. You need different keys though,
> > as SSH2 so far does not support RSA keypairs and needs DSA keys.  
> That's the impression I was under, too. In which case the current stable
> release of Debian comes with an sshd which uses protocol 1 and is
> therefore open to allowing remote root compromises.

There are actually two *separate* CRC32-related flaws in ssh.

The first is a protocol design flaw that allows the injection of data
into an ssh session. This is the 'CRC32 compensation' attack. Modern
ssh1 implementations have code to detect this, which leads to the next

The remote root flaw is a bug in the CRC32 compensation attack detector.
In OpenSSH this has been fixed since 2.3.0 - nearly a year old.

It's still probably better to run only ssh2 if you have a choice, but
if you're still running ssh1 your system is not wide open.

The Debian stable sshd has had the apropriate patches backported to it,
so it's not vulnerable to this remote root hole.

William Aoki     waoki@umnh.utah.edu       /"\  ASCII Ribbon Campaign
3B0A 6800 8A1A 78A7 9A26 BB92              \ /  No HTML in mail or news!
9A26 BB92 6329 2D3E 199D 8C7B               X
                                           / \

Reply to: