From owner-freebsd-security@FreeBSD.ORG Fri Nov 21 11:28:11 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B7C381065672 for ; Fri, 21 Nov 2008 11:28:11 +0000 (UTC) (envelope-from djm@mindrot.org) Received: from natsu.mindrot.org (natsu.mindrot.org [116.66.166.108]) by mx1.freebsd.org (Postfix) with ESMTP id 71B078FC1B for ; Fri, 21 Nov 2008 11:28:11 +0000 (UTC) (envelope-from djm@mindrot.org) Received: by natsu.mindrot.org (Postfix, from userid 506) id 13A3EC4B54; Fri, 21 Nov 2008 22:10:38 +1100 (EST) X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on natsu.mindrot.org X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.5 Received: from fuyu.mindrot.org (fuyu.mindrot.org [203.217.30.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "fuyu.mindrot.org", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by natsu.mindrot.org (Postfix) with ESMTPS id 23EC8C4AB0; Fri, 21 Nov 2008 22:10:33 +1100 (EST) Received: by fuyu.mindrot.org (Postfix, from userid 1000) id A5F15A4F6B; Fri, 21 Nov 2008 22:10:32 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by fuyu.mindrot.org (Postfix) with ESMTP id A3D45A4F25; Fri, 21 Nov 2008 22:10:32 +1100 (EST) Date: Fri, 21 Nov 2008 22:10:32 +1100 (EST) From: Damien Miller To: Eygene Ryabinkin In-Reply-To: Message-ID: References: <6p2tlso0g3Xi5suHfErE3rcPs54@Mr6N54GlMnGhD+RQ1Yhx+24IxLk> User-Agent: Alpine 1.10 (BSO 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mailman-Approved-At: Fri, 21 Nov 2008 12:34:30 +0000 Cc: freebsd-security@freebsd.org, openssh@openssh.com Subject: Re: Plaintext recovery attack in SSH, discovered by CPNI? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2008 11:28:11 -0000 see http://www.openssh.com/txt/cbc.adv On Fri, 21 Nov 2008, Eygene Ryabinkin wrote: > Me again. > > Wed, Nov 19, 2008 at 04:20:58PM +0300, Eygene Ryabinkin wrote: > > Just came across the following list in the oss-security list: > > http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt > > For you interest, CVE was created and it has some interesting > links inside (SANS one explains some general trends): > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161 > > It seems that some vendors are moving to the CTR encryption mode as the > default one. Does anyone has something to say about this? As I > understand, the advisory from CPNI is public, so there is no point to > refraining from discuissing this in the open lists. OpenSSH people, I > understand that this is not just "two day business", but can you at > least drop a mail that you're investigating this? > > Thanks a lot. > -- > Eygene > _ ___ _.--. # > \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard > / ' ` , __.--' # to read the on-line manual > )/' _/ \ `-_, / # while single-stepping the kernel. > `-'" `"\_ ,_.-;_.-\_ ', fsc/as # > _.-'_./ {_.' ; / # -- FreeBSD Developers handbook > {_.-``-' {_/ # >