[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Tue, 2002-12-17 at 16:25, Edward Guldemond wrote:
> On Tue, Dec 17, 2002 at 12:02:57PM +0000, Andrew Mulholland wrote:
> > On Tue, 2002-12-17 at 10:05, Adrian 'Dagurashibanipal' von Bidder wrote:
> > > 
> > > Well, SSH1 is still vulnerable. It's nothing to do with the current
> > > advisory. So the advice not to run SSH1 is still valid.
> > > 
> > 
> > does this affect the ssh1 option in OpenSSH?
> > (as in on a woody/sarge box, running OpenSSH, if I've the ssh1 option
> > enabled, am I vulnerable? :)
> The CERT Vulnerability Note is number VU#945216, and can be accessed
> here[1].  Basically, this vulnerability is in the code that checks for
> the CRC32 attack.  It suffers from an integer overflow.  According to

As I said, I was not closely following the story, but IIRC the SSH
Protocol version 1 has a principal design flaw that *can* *not* *be*
*fixed* without breaking the protocol.

There were, of course, additional issues with implementations, but ssh1
never really was secure, and never will be. I'm not making any statement
about the practical relevance of the attack here, nor do I know of any
successful break in using this weakness, so YMMV.

-- vbi

this email is protected by a digital signature:  http://fortytwo.ch/gpg

NOTE: keyserver bugs! get my key here: https://fortytwo.ch/gpg/92082481

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: