Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
- To: 506115@bugs.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
- Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
- From: Moritz Muehlenhoff <jmm@inutil.org>
- Date: Thu, 21 May 2009 16:09:07 +0200
- Message-id: <[🔎] 20090521140907.GA20704@inutil.org>
- In-reply-to: <20081121184453.GY4735@riva.ucam.org>
- References: <20081118224402.62f86482.henrich@debian.or.jp> <20081118144048.GW4735@riva.ucam.org> <20081121114901.GA28801@riva.ucam.org> <0811211715390.7386@somehost> <20081121184453.GY4735@riva.ucam.org>
On Fri, Nov 21, 2008 at 06:44:53PM +0000, Colin Watson wrote:
> On Fri, Nov 21, 2008 at 05:29:33PM +0100, Cristian Ionescu-Idbohrn wrote:
> > On Fri, 21 Nov 2008, Colin Watson wrote:
> > > Accordingly, I'm downgrading this bug; I'd rather not rush out a
> > > configuration change (which could well break interoperability with
> > > unusual servers; it wouldn't be the first time) when upstream doesn't
> > > feel it's urgent enough to do so themselves.
> >
> > Right. But what exactly are the pits one could fall into, should one
> > follow the advice?
> >
> > Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
>
> I'm not going to spend much time on this given that upstream doesn't
> think it's serious. I tend to agree having read their analysis, too: if
> it takes you several tens of thousands of attempts to connect
> successfully, then you should probably consider whether somebody is
> mucking about with your connection rather than continuing to type in
> your password ...
The mitigation patches added in OpenSSH added in 5.2 are too riskey
to interoperability regressions IMO.
However, we could apply the previous mitigation patch in a stable point
update:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.157;r2=1.158;f=h
Colin, what do you think?
Cheers,
Moritz
Reply to: