Hello,

Yet another error in the advisory released last Wednesday.

----- Original Message -----
From: "Iván Arce" <[EMAIL PROTECTED]>
Newsgroups: core.lists.bugtraq
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 07, 2001 6:25 PM
Subject: [CORE SDI ADVISORY] SSH1 session key recovery vulnerability


>                                   CORE SDI
>                             http://www.core-sdi.com
>                 SSH protocol 1.5 session key recovery vulnerability
>
>

...
> -------------- cut here ----------------------------------------------
>
> --- rsaglue.c   1999/12/10 23:27:25     1.8
> +++ rsaglue.c   2001/02/03 09:42:05
> @@ -264,7 +268,15 @@
>    mpz_clear(&aux);
>
>    if (value[0] != 0 || value[1] != 2)
> -    fatal("Bad result from rsa_private_decrypt");
> +    {
> +      static time_t last_kill_time = 0;
> +      if (time(NULL) - last_kill_time > 60 && getppid() != 1)
> +       {
> +         last_kill_time = time(NULL);
> +         kill(SIGALRM, getppid());
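
Review bot: The arguments on the kill(SIGALRM, getppid()) line are reversed. kill() takes the target process ID first and the signal number second, so as written SIGALRM's numeric value is used as the PID and the parent's PID as the signal number; the call should read kill(getppid(), SIGALRM). Separately, getppid() is evaluated once for the != 1 check and again in the kill call, so if the parent exits between the two the second call can return 1 and the guard no longer protects anything; reading it once into a local pid_t and reusing that value closes the window. The return value of kill() is also ignored, which is how a bad call like this one goes unnoticed at run time.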

... This is wrong wrong wrong and will produce unpredictable results
    on the server machine and does not fix the vulnerability either.
   The correct line is:

+         kill(getppid(),SIGALRM);

Thanks to Matt Power from the Bindview RAZOR Team for
pointing this out.

The advisory at our web page has been updated to reflect this
change.


-ivan


---

"Understanding. A cerebral secretion that enables one having it to know
 a house from a horse by the roof on the house,
 Its nature and laws have been exhaustively expounded by Locke,
 who rode a house, and Kant, who lived in a horse." - Ambrose Bierce


==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
email   : [EMAIL PROTECTED]
http://www.core-sdi.com
Florida 141 2do cuerpo Piso 7
C1005AAC Buenos Aires, Argentina.
Tel/Fax : +(54-11) 4331-5402
=====================================================================


--- For a personal reply use [EMAIL PROTECTED]