Date: Thu, 1 Aug 2002 08:06:41 -0400 (EDT)
From: Trevor Johnson
To: Dag-Erling Smorgrav
Cc: Mike Tancsa, Ruslan Ermilov
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]
Message-ID: <20020705170032.V94044-100000@blues.jpj.net>

Dag-Erling Smorgrav wrote:

> Trevor Johnson writes:
> > Use of protocol version 1 makes an insertion attack possible, according to
> > .
>
> That same page also explains that OpenSSH contains code to make such
> attacks very difficult.

Their actual wording is "difficult but possible," not "very difficult."
The CRC32 compensation detection code to which you allude used to have a
remote root hole, which was published and widely exploited.
In response, CERT recommended in December of 2001 that protocol version 1
be disabled:

    Because the vulnerability affects software handling the SSHv1
    protocol, sites may wish to enable SSHv2 support only and disable
    SSHv1 fallback support. Refer to your secure shell server software
    documentation for information about how to accomplish this.
    Disabling SSHv1 support is generally a good practice, since a number
    of other vulnerabilities exist in the SSHv1 protocol itself and
    software handling of this protocol.

That is from .

> > The vulnerability was
> > published by CORE SDI in June of 1998. I would like to see protocol
> > version 1 disabled by default, with a note in UPDATING about the change.
>
> No. I will not arbitrarily lock users out of their machines.

Many users already must read UPDATING to get a working installation of
OpenSSH. The OpenBSD folks have a philosophy that users who don't
understand their systems and don't spend much time configuring them
shouldn't become easy marks for attackers because of the installation
defaults. They explain it better than I, at .

Removing a weakness in security is not an arbitrary change. It is the
type of change that is suitable for FreeBSD -STABLE in spite of
inconvenience to users, and making one-line changes to two files is only
a mild inconvenience. Please reconsider.

--
Trevor Johnson