From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Wed, 19 Nov 2008 16:20:58 +0300
To: freebsd-security@freebsd.org
Cc: openssh@openssh.com
Subject: Plaintext recovery attack in SSH, discovered by CPNI?

Good day.
Just came across the following list in the oss-security list:

http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

People are saying that this vulnerability was tested for Debian's ;)) OpenSSH 4.7p1, but they generally believe that any RFC-compliant implementation should have this if CBC mode is used.

The advisory says that CTR mode is safe, but I see that at least FreeBSD's OpenSSH (OpenSSH_5.1p1) still uses various ciphers in the CBC mode as the preferential ones. Perhaps we should just change the default ciphersuites order?

So, it is interesting what OpenSSH developers can tell about this: I had seen no words about this at http://openssh.org/security.html and release notes, so if you can -- please, comment on this.

Thanks!
-- 
Eygene

Remember that it is hard to read the on-line manual while single-stepping the kernel.
-- FreeBSD Developers handbook
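The question above is whether the default cipher preference should be reordered so that CTR-mode ciphers are tried before CBC-mode ones. The following POSIX shell script is an added example (not part of the original post, and not OpenSSH project code) that checks whether an OpenSSH `Ciphers` preference list leads with a CBC cipher and rewrites it CTR-first while keeping the relative order of everything else. The sample list `SAMPLE_CIPHERS` is constructed for the example: it is assumed here to match the OpenSSH 5.1-era default order, so verify it against `man ssh_config` on your own host before relying on it.

```shell
#!/bin/sh
# Added example: reorder an OpenSSH "Ciphers" preference list so that
# CTR-mode ciphers precede CBC-mode ones. Not from the original post.

# Constructed sample input. Assumed to be the OpenSSH 5.1-era default
# preference order (CBC ciphers first, CTR last); check ssh_config(5).
SAMPLE_CIPHERS='aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'

# cbc_first LIST: succeeds (exit 0) when the first cipher in the
# comma-separated LIST is a CBC-mode cipher, i.e. the weak ordering
# the post describes; fails (exit 1) otherwise.
cbc_first() {
    first=${1%%,*}
    case "$first" in
        *-cbc) return 0 ;;
        *)     return 1 ;;
    esac
}

# ctr_first LIST: prints LIST with every "-ctr" cipher moved to the
# front. Relative order within the CTR group and within the remaining
# ciphers is preserved, so nothing is silently dropped or added.
ctr_first() {
    ctr=""
    rest=""
    old_ifs=$IFS
    IFS=,
    for c in $1; do
        case "$c" in
            *-ctr) ctr="${ctr:+$ctr,}$c" ;;
            *)     rest="${rest:+$rest,}$c" ;;
        esac
    done
    IFS=$old_ifs
    if [ -n "$ctr" ] && [ -n "$rest" ]; then
        printf '%s,%s\n' "$ctr" "$rest"
    else
        printf '%s%s\n' "$ctr" "$rest"
    fi
}

# Usage: report the weak sample order and print a corrected Ciphers line
# suitable for sshd_config or ssh_config.
if cbc_first "$SAMPLE_CIPHERS"; then
    echo "CBC-first order (weak): $SAMPLE_CIPHERS"
fi
echo "Ciphers $(ctr_first "$SAMPLE_CIPHERS")"
```

The printed `Ciphers ...` line can be pasted into `sshd_config` or `ssh_config`; the `Ciphers` keyword is honoured by both. The script only reorders what it is given, so a list with no CTR ciphers at all is passed through unchanged, which is the case to watch for on an older build.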