Bug#481516: marked as done (openssh-client: ssh-vulnkey fails to detect dsa-1576 vulnerable keys when authorized_keys options are used.)
Your message dated Fri, 16 May 2008 18:26:24 +0100
with message-id <1210958784.20217.3.camel@kaa.jungle.aubergine.my-net-space.net>
and subject line Re: Bug#481516: openssh-client: ssh-vulnkey fails to detect dsa-1576 vulnerable keys when authorized_keys options are used.
has caused the Debian Bug report #481516,
regarding openssh-client: ssh-vulnkey fails to detect dsa-1576 vulnerable keys when authorized_keys options are used.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
481516: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481516
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-client
Version: 1:4.3p2-9etch1
Severity: normal
When options are used in an authorized_keys file ssh-vulnkey fails to
identify the key as being vulnerable to dsa-1576. This example
reproduces it with a known bad key:
gateway:~# ssh-vulnkey bad_key.pub
COMPROMISED: 2048 99:9c:fe:67:a5:eb:1f:54:06:85:a2:43:0e:ad:0b:c6 bad_key.pub
gateway:~# ssh-vulnkey bad_bad_key.pub
gateway:~# diff bad_key.pub bad_bad_key.pub
1c1
< ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArnzR8H6UAFTVWMmxYwbNaCRm656cPiskUPueovqGhzOtAErRQJxvmaoxDcyBBHVb0y7qUchVI4EWW0Z/lf20jppQIrIAFcLjUuU4y4mqaMVuU1RM0VdKj7jaM8JYvU1/8kGFMtFFQWcbRfihd2y+EbwxyRaNp6GCCC2EoqXZSy2RlrGtvMiUp41Lie50aV5Mj0DkLfICTNVxj20gedbYn6K45ybYe2lGDqwDCY9j6FWj9taUW7CIbVsV+oJWzZXhMuwbUwc6hNDqyqHaeTyaj2bmI6QyFJhlbiCyUtYIyOfgc0VO1dCuWr9/qPZxbAjY28T14lFHlS/0oambyA9how== foo@home
---
> command="/usr/bin/cvs server",no-port-forwarding,no-pty,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArnzR8H6UAFTVWMmxYwbNaCRm656cPiskUPueovqGhzOtAErRQJxvmaoxDcyBBHVb0y7qUchVI4EWW0Z/lf20jppQIrIAFcLjUuU4y4mqaMVuU1RM0VdKj7jaM8JYvU1/8kGFMtFFQWcbRfihd2y+EbwxyRaNp6GCCC2EoqXZSy2RlrGtvMiUp41Lie50aV5Mj0DkLfICTNVxj20gedbYn6K45ybYe2lGDqwDCY9j6FWj9taUW7CIbVsV+oJWzZXhMuwbUwc6hNDqyqHaeTyaj2bmI6QyFJhlbiCyUtYIyOfgc0VO1dCuWr9/qPZxbAjY28T14lFHlS/0oambyA9how== foo@home
Regards,
-Brett.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages openssh-client depends on:
ii add 3.102 Add and remove users and groups
ii deb 1.5.11etch1 Debian configuration management sy
ii dpk 1.13.25 package maintenance system for Deb
ii lib 2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii lib 2.9.cvs.20050518-2.2 BSD editline and history libraries
ii lib 1.4.4-7etch4 MIT Kerberos runtime libraries
ii lib 5.5-5 Shared libraries for terminal hand
ii lib 0.9.8c-4etch3 SSL shared libraries
ii pas 1:4.0.18.1-7 change and administer password and
ii zli 1:1.2.3-13 compression library - runtime
openssh-client recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1:4.3p2-9etch2
Hi,
On Fri, 2008-05-16 at 12:19 -0400, Brett Viren wrote:
> When options are used in an authorized_keys file ssh-vulnkey fails to
> identify the key as being vulnerable to dsa-1576. This example
> reproduces it with a known bad key:
This is fixed in 1:4.3p2-9etch2 (see DSA1576-2); marking as such.
Regards,
Adam
--- End Message ---
Reply to: