OpenSSH is _not_ vulnerable the several known problems in SSH-1 (fwd)

Dave Dittrich dittrich at cac.washington.edu
Sat Feb 17 00:53:17 PST 2001


FYI. OpenSSH comes default with Red Hat Linux 7.0. I still haven't
figured out all the RPMs that must be updated to use it on RH 6.2 or
less. (It relies on GLIBC 2.2 and some other stuff that isn't trivial
to update.)

--
Dave Dittrich Computing & Communications
dittrich at cac.washington.edu Client Services
http://staff.washington.edu/dittrich University of Washington

PGP key http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

---------- Forwarded message ----------
Date: Thu, 15 Feb 2001 09:13:41 +0100
Subject: OpenSSH is _not_ vulnerable the several known problems in SSH-1
From: Markus Friedl <Markus.Friedl at informatik.uni-erlangen.de>
To: openssh-unix-dev at mindrot.org, ssh at clinet.fi, security-announce at openbsd.org,
misc at openbsd.org
Cc: bugtraq at securityfocus.com

-----------------------------------------------------------------------

Special OpenBSD Security Note

February 14, 2001

OpenSSH is _not_ vulnerable the several known problems in SSH-1

-----------------------------------------------------------------------

The CERT Coordination Center has published the following notes about
weaknesses in various SSH protocol version 1 implementations.

Since many people using OpenSSH are worried about these issues,
we decided to publish these notes.

1) http://www.kb.cert.org/vuls/id/565052
"Passwords sent via SSH encrypted with RC4 can be easily cracked"

2) http://www.kb.cert.org/vuls/id/665372
"SSH connections using RC4 and password authentication can be
replayed"

3) http://www.kb.cert.org/vuls/id/25309
"Weak CRC allows RC4 encrypted SSH packets to be modified without
notice"

4) http://www.kb.cert.org/vuls/id/684820
"SSH allows client authentication to be forwarded if encryption
is disabled"

5) http://www.kb.cert.org/vuls/id/315308
"Last block of IDEA-encrypted SSH packet can be changed without
notice"

6) http://www.kb.cert.org/vuls/id/786900
"SSH host key authentication can be bypassed when DNS is used
to resolve localhost"

7) http://www.kb.cert.org/vuls/id/118892
"Older SSH clients do not allow users to disable X11 forwarding"

OpenSSH is _not_ vulnerable to #1, #2 and #3 since OpenSSH does not
allow RC4 in its SSH protocol 1 implementation.

OpenSSH is _not_ vulnerable to #4 since OpenSSH does not allow
encryption to be disabled.

OpenSSH is _not_ vulnerable to #5 since OpenSSH does not support
IDEA.

OpenSSH is _not_ vulnerable to #6 since OpenSSH does not resolve
"localhost". OpenSSH uses the resolved IP-address and disables the
host key authentication for 127.0.0.1 only.

OpenSSH is _not_ vulnerable to #7 since OpenSSH permits users to
disable X11 forwarding, and this is the default configuration in
the OpenSSH client.

The SSH protocol version 2 (a.k.a. SecSH) is not affected by problems
#1, #2, #3, #4 and #5.

The OpenSSH client currenly defaults to preferring SSH-1 protocol
over SSH-2 protocol, but in a future release the default will soon
change, since the SSH-2 protocol support has improved considerably.

-----------------------------------------------------------------------




More information about the Linux mailing list