
Bug#481516: openssh-client: ssh-vulnkey fails to detect dsa-1576 vulnerable keys when authorized_keys options are used.



Package: openssh-client
Version: 1:4.3p2-9etch1
Severity: normal


When options are used in an authorized_keys file, ssh-vulnkey fails to
identify the key as being vulnerable to dsa-1576.  This example
reproduces it with a known bad key:

gateway:~# ssh-vulnkey bad_key.pub
COMPROMISED: 2048 99:9c:fe:67:a5:eb:1f:54:06:85:a2:43:0e:ad:0b:c6 bad_key.pub
gateway:~# ssh-vulnkey bad_bad_key.pub
gateway:~# diff bad_key.pub bad_bad_key.pub
1c1
< ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArnzR8H6UAFTVWMmxYwbNaCRm656cPiskUPueovqGhzOtAErRQJxvmaoxDcyBBHVb0y7qUchVI4EWW0Z/lf20jppQIrIAFcLjUuU4y4mqaMVuU1RM0VdKj7jaM8JYvU1/8kGFMtFFQWcbRfihd2y+EbwxyRaNp6GCCC2EoqXZSy2RlrGtvMiUp41Lie50aV5Mj0DkLfICTNVxj20gedbYn6K45ybYe2lGDqwDCY9j6FWj9taUW7CIbVsV+oJWzZXhMuwbUwc6hNDqyqHaeTyaj2bmI6QyFJhlbiCyUtYIyOfgc0VO1dCuWr9/qPZxbAjY28T14lFHlS/0oambyA9how== foo@home
---
> command="/usr/bin/cvs server",no-port-forwarding,no-pty,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArnzR8H6UAFTVWMmxYwbNaCRm656cPiskUPueovqGhzOtAErRQJxvmaoxDcyBBHVb0y7qUchVI4EWW0Z/lf20jppQIrIAFcLjUuU4y4mqaMVuU1RM0VdKj7jaM8JYvU1/8kGFMtFFQWcbRfihd2y+EbwxyRaNp6GCCC2EoqXZSy2RlrGtvMiUp41Lie50aV5Mj0DkLfICTNVxj20gedbYn6K45ybYe2lGDqwDCY9j6FWj9taUW7CIbVsV+oJWzZXhMuwbUwc6hNDqyqHaeTyaj2bmI6QyFJhlbiCyUtYIyOfgc0VO1dCuWr9/qPZxbAjY28T14lFHlS/0oambyA9how== foo@home

Regards,
-Brett.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages openssh-client depends on:
ii  add 3.102                                Add and remove users and groups
ii  deb 1.5.11etch1                          Debian configuration management sy
ii  dpk 1.13.25                              package maintenance system for Deb
ii  lib 2.3.6.ds1-13etch4                    GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 2.9.cvs.20050518-2.2                 BSD editline and history libraries
ii  lib 1.4.4-7etch4                         MIT Kerberos runtime libraries
ii  lib 5.5-5                                Shared libraries for terminal hand
ii  lib 0.9.8c-4etch3                        SSL shared libraries
ii  pas 1:4.0.18.1-7                         change and administer password and
ii  zli 1:1.2.3-13                           compression library - runtime

openssh-client recommends no packages.

-- no debconf information
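
Added example (not part of the original report and not ssh-vulnkey's own code): one way to skip the leading options field of an authorized_keys line before fingerprinting the key, so that the plain line and the line with options yield the same MD5 fingerprint for a blacklist lookup. The function names and the short key blob are constructed for illustration; the options string is the one from the report.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # assumption: only the two types relevant here


def split_authorized_key(line):
    """Return (options, keytype, blob_b64, comment) for one authorized_keys line."""
    line = line.strip()
    first = line.split(None, 1)[0] if line else ""
    options = ""
    if first not in KEY_TYPES:
        # Options field: ends at the first whitespace that is outside double quotes.
        i, in_quotes = 0, False
        while i < len(line):
            if in_quotes and line[i:i + 2] == '\\"':
                i += 2  # escaped quote inside a quoted option value
                continue
            if line[i] == '"':
                in_quotes = not in_quotes
            elif line[i] in " \t" and not in_quotes:
                break
            i += 1
        options, line = line[:i], line[i:].lstrip()
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("no public key found on line")
    return options, parts[0], parts[1], parts[2] if len(parts) > 2 else ""


def md5_fingerprint(blob_b64):
    """Colon-separated MD5 of the decoded key blob, the format ssh-vulnkey prints."""
    digest = hashlib.md5(base64.b64decode(blob_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _field(data):
    return struct.pack(">I", len(data)) + data


# Constructed sample blob (not a real key); options string copied from the report.
BLOB = base64.b64encode(_field(b"ssh-rsa") + _field(b"\x23") + _field(bytes(range(1, 33)))).decode()
PLAIN = "ssh-rsa " + BLOB + " foo@home"
WITH_OPTIONS = ('command="/usr/bin/cvs server",no-port-forwarding,no-pty,'
                "no-X11-forwarding,no-agent-forwarding " + PLAIN)
```

Splitting WITH_OPTIONS on whitespace alone puts the tail of the quoted command where the key blob is expected, which is why the quote-aware scan is needed.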


