On Sat, Feb 10, 2001 at 03:08:11PM +0200, Tatu Ylonen wrote:
> On Fri, 9 Feb 2001, Christophe Dupre wrote (on the [EMAIL PROTECTED] list):
> > I just read Razor's vulnerability advisory, as reported on slashdot.
> > Any truth to it, or is it another wannabe ?
>
> I suppose you are referring to this one:
> > "Bindview released an advisory yesterday warning us that "[a]n
> > integer-overflow problem is present in common code of recent
> > ssh daemons, deattack.c, which was developed by CORE SDI to protect
> > against cryptographic attacks on SSH protocol. [...] This effectively
> > allows an attacker to overwrite arbitrary portions of memory"
>
> SSH2 is not vulnerable to this issue at all.  Thus, if you are
> using ssh-2.4.0, or any earlier version of SSH2, you are safe.
>
> The vulnerability only affects the SSH1 protocol.  The bug in the deattack

This is incorrect. The CRC compensation attack affects the SSH1
protocol. This new vulnerability, however, only affects ssh1
implementations based on the original ssh-1.xx tree from the now
ssh.com people, incorporating a 'fix' for the CRC compensation attack.
This fix is broken.

Rephrasing: the SSH1 protocol has a weakness. One implementation of
the fix is vulnerable.

> The effect of this particular vulnerability is that it may allow a highly
> advanced attacker to insert commands into an SSH1 session using an active
> network-level attack together with a cryptographic attack.  I consider
> this something that needs to be fixed (the real fix is to move to SSH2),
> but it is not an immediate threat.

Not 'this' vulnerability. The old CRC compensation attack
vulnerability.

[snip]
> Ssh-2.4.0 is available from www.ssh.com (or ftp://ftp.ssh.com/pub/ssh),
> and is completely free for any use on Linux, FreeBSD, NetBSD, and OpenBSD,
> as well as for use by universities and charity organizations, and for
> personal hobby/recreational use by individuals.

This message from Tatu is pure blatant marketing. It points out
potential weaknesses in the ssh1 protocol that we knew about already,
applying incorrect statements to either vulnerability (the one in the
protocol and the one in the fix from their sourcetree), and then goes on
about how the fix is to move to ssh.com's ssh2 software. It is *not* the
only implementation!

Greetz, Peter.

Reply via email to