Date:      Fri, 30 Nov 2001 01:39:39 -0800
From:      Erick Mechler <emechler@techometer.net>
To:        bsd-sec@boneyard.lawrence.ks.us
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: sshd exploit
Message-ID:  <20011130013939.Q67199@techometer.net>
In-Reply-To: <Pine.BSF.4.10.10111300105070.99377-100000@madeline.boneyard.lawrence.ks.us>; from bsd-sec@boneyard.lawrence.ks.us on Fri, Nov 30, 2001 at 01:30:57AM -0600
References:  <20011129012235.U6446-100000@achilles.silby.com> <Pine.BSF.4.10.10111300105070.99377-100000@madeline.boneyard.lawrence.ks.us>

:: > The CRC bug was fixed in 2.3.0, which was merged into -stable before the
:: > release of freebsd 4.3.  If 3.0.1's giving you any enhanced immunity, it's
:: > to a bug which has not yet been announced.
:: > 
:: > If there _is_ a new bug, and it follows the description in the url posted
:: > earlier in the thread, it's probably also SSHv1 related, and can be
::  [...]
:: 
:: Perhaps so.  However, at the university department where I work, RH Linux lab
:: machines running both 2.5.x and 2.9.x versions of OpenSSH were indeed
:: compromised while running ssh version 1.

[snip]

This is, and someone correct me if I'm wrong, not what everyone else's
experience has been with the crc32 attack in SSHv1.  According to all
reports I've read, including the long, detailed message sent by the
Security Officer to this same list entitled "Lack of evidence for new SSH
vulnerability" a few hours before yours, this bug was fixed in 2.3.0.  
Instead of attempting to cause more panic, care to send us more info?  Did
the cracked boxes exhibit the same characteristics as those described in
Dittrich's analysis?  Can anybody else on this list either verify or deny
the claims made here?

Stephen, please don't think I'm picking on you, I just want to make sure
that we're not all talking about the same exploit.

Cheers - Erick
