Re: Probable SSH Vulnerability

To: Tim Peeler <thp@linux00.LinuxForce.net>
Cc: debian-security@lists.debian.org
Subject: Re: Probable SSH Vulnerability
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 17 Jun 2003 23:41:20 +0200
Message-id: <[🔎] 87fzm84c1r.fsf@deneb.enyo.de>
Mail-followup-to: Tim Peeler <thp@linux00.LinuxForce.net>, debian-security@lists.debian.org
In-reply-to: <[🔎] 20030617202705.GA11108@linux00.LinuxForce.net> (Tim Peeler's message of "Tue, 17 Jun 2003 16:27:05 -0400")
References: <[🔎] 20030613181844.GA23860@linux00.LinuxForce.net> <20030613171528.2df6d06c.david@eelf.ddts.net> <[🔎] 20030613215221.GA7327@linux00.LinuxForce.net> <[🔎] 9jvkevgo63r9rsrt8hvu9c0gprh8kembi7@4ax.com> <[🔎] 20030615031410.GB20920@linux00.LinuxForce.net> <[🔎] 877k7n3jv7.fsf@deneb.enyo.de> <[🔎] 20030617162748.GA1313@linux00.LinuxForce.net> <[🔎] 87znkg5vzb.fsf@deneb.enyo.de> <[🔎] 20030617202705.GA11108@linux00.LinuxForce.net>

Tim Peeler <thp@linux00.LinuxForce.net> writes:

> As we have yet to see any indication that this is related to the crc32
> compensation detector yet, I'm finding it more and more difficult
> to believe that this was truely the problem.

Yes, indeed.  This particular problem has been fixed, but there are
others, which are more like protocol weaknesses and more difficult to
address (the CRC32 attack detector was added to compensate for such a
vulnerability).

Anyway, I just wanted to make sure that you investigate other
weaknesses than the SSH1 implementation.  It's my gut feeling based on
the facts you have mentioned that another explanation is far more
likely.

Reply to:

Follow-Ups:
- Re: Probable SSH Vulnerability
  - From: Tim Peeler <thp@linux00.LinuxForce.net>

References:
- Probable SSH Vulnerability
  - From: Tim Peeler <thp@linux00.LinuxForce.net>
- Re: Probable SSH Vulnerability
  - From: Tim Peeler <thp@linux00.LinuxForce.net>
- Re: Probable SSH Vulnerability
  - From: Nick Boyce <nick@glimmer.demon.co.uk>
- Re: Probable SSH Vulnerability
  - From: Tim Peeler <thp@linux00.LinuxForce.net>
- Re: Probable SSH Vulnerability
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Probable SSH Vulnerability
  - From: Tim Peeler <thp@linux00.LinuxForce.net>
- Re: Probable SSH Vulnerability
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Probable SSH Vulnerability
  - From: Tim Peeler <thp@linux00.LinuxForce.net>

Prev by Date: Re: na schick mal
Next by Date: Linux app equivalent of Solaris BSM
Previous by thread: Re: Probable SSH Vulnerability
Next by thread: Re: Probable SSH Vulnerability
Index(es):
- Date
- Thread