Date:      Fri, 21 Nov 2008 08:50:47 +0300
From:      Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To:        freebsd-security@freebsd.org
Cc:        openssh@openssh.com
Subject:   Re: Plaintext recovery attack in SSH, discovered by CPNI?
Message-ID:  <Nr4bFBjnW8SC2cBhy37/xqxP6SM@h3Iv%2BXGzMlVsqQhKLTPQUFtjrxk>
In-Reply-To: <6p2tlso0g3Xi5suHfErE3rcPs54@Mr6N54GlMnGhD%2BRQ1Yhx%2B24IxLk>
References:  <6p2tlso0g3Xi5suHfErE3rcPs54@Mr6N54GlMnGhD%2BRQ1Yhx%2B24IxLk>

Me again.

Wed, Nov 19, 2008 at 04:20:58PM +0300, Eygene Ryabinkin wrote:
> Just came across the following list in the oss-security list:
>   http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

For your interest, a CVE was created and it has some interesting
links inside (the SANS one explains some general trends):
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161

It seems that some vendors are moving to the CTR encryption mode as the
default one.  Does anyone have something to say about this?  As I
understand, the advisory from CPNI is public, so there is no point in
refraining from discussing this in the open lists.  OpenSSH people, I
understand that this is not just "two day business", but can you at
least drop a mail that you're investigating this?

Thanks a lot.
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #
