[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#490185: openssh-client: openssh-vulnkey does not find compromised keys with 4096 bit keys

Package: openssh-client
Version: 1:4.3p2-9etch2
Severity: grave
Tags: security
Justification: user security hole


The openssh client and openssh-vulnkey do not check for 4096 bit
comprimised keys as the sid version does. So the user will not find
these compromised keys when checking with openssh-vulnkey and the ssh
server will accept connections with these keys.

Please supply a package like in sid which also checks for 4096 (and
other?) bit keys.

Christoph

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (900, 'stable'), (70, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-4-686-bigmem
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Versions of packages openssh-client depends on:
ii  add 3.102                                Add and remove users and groups
ii  deb 1.5.11etch1                          Debian configuration management sy
ii  dpk 1.13.25                              package maintenance system for Deb
ii  lib 2.3.6.ds1-13etch5                    GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 2.9.cvs.20050518-2.2                 BSD editline and history libraries
ii  lib 1.4.4-7etch5                         MIT Kerberos runtime libraries
ii  lib 5.5-5                                Shared libraries for terminal hand
ii  lib 0.9.8c-4etch3                        SSL shared libraries
ii  pas 1:4.0.18.1-7                         change and administer password and
ii  zli 1:1.2.3-13                           compression library - runtime

openssh-client recommends no packages.

-- no debconf information
Reply to: