From owner-freebsd-security  Tue Dec 28  1: 7:49 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id A5A7F150BA
	for <freebsd-security@FreeBSD.ORG>; Tue, 28 Dec 1999 01:07:42 -0800 (PST)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id KAA06285;
	Tue, 28 Dec 1999 10:07:33 +0100 (CET)
	(envelope-from des@flood.ping.uio.no)
To: Warner Losh <imp@village.org>
Cc: Fernando Schapachnik <fpscha@via-net-works.net.ar>,
	freebsd-security@FreeBSD.ORG
Subject: Re: OpenSSH vulnerable to protocol flaw?
References: <199912161207.JAA22894@ns1.via-net-works.net.ar> <199912162104.OAA74270@harmony.village.org>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 28 Dec 1999 10:07:33 +0100
In-Reply-To: Warner Losh's message of "Thu, 16 Dec 1999 14:04:35 -0700"
Message-ID: <xzpbt7b77sa.fsf@flood.ping.uio.no>
Lines: 42
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Warner Losh <imp@village.org> writes:
> OpenSSH implements the ssh1 protocol, which is vulnerable to insertion
> attacks like the one described in bugtraq.  I don't think they have
> changed the protocol at all, but I'm sure someone will tell me if I'm
> wrong.

Random quotes from the advisory:

  Note that the new revision for the SSH protocol, proposed and
  published as Internet Drafts [2],[3],[4] [5] makes use of
  cryptographycally strong message authentication codes for
  integrity checks that wont fail to these attacks.

  [...]

  [2] "SSH Protocol Architecture", draft-ietf-secsh-architecture-01.txt.gz
       T. Ylonen, T. Kivinen, M. Saarinen. SSH. November 7th, 1997

  [3] "SSH Connection Protocol", draft-ietf-secsh-connect-03.txt.gz
       T. Ylonen, T. Kivinen, M. Saarinen. SSH. November 7th, 1997

  [4] "SSH Authentication Protocol", draft-ietf-secsh-userauth-03.txt.gz
       T. Ylonen, T. Kivinen, M. Saarinen. SSH. November 7th, 1997

  [5] "SSH Transport Layer Protocol",draft-ietf-secsh-transport-03.txt.gz
       T. Ylonen, T. Kivinen, M. Saarinen. SSH. November 7th, 1997

           (drafts expired on May 7th, 1998)

  [...]

   In the meantime, upgrade to version 1.2.25 of SSH, which
   fixes the problem. The SSH 1.2.25 distribution can be
   obtained from:

    <ftp://ftp.cs.hut.fi/pub/ssh/ssh-1.2.25.tar.gz>

<URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=199806120125.WAA05406@takeover.core.com.ar>

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message