UPDATE: SSH insertion attack

From: Ivan Arce (iarce@core-sdi.com)
Date: Fri Jul 03 1998 - 16:09:35 PDT

Next message: Ivan Arce: "ANNOUNCE: WinAudlog, centralized logfile checking"

Previous message: Michael Howard: "Re: More potential ASP problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----


- -------------------------------------------------------------------------------

                            
                              CORE SDI S.A.
                          Buenos Aires, Argentina
                         <http://www.core-sdi.com>
             

                       Update on SSH insertion attack
                            July 3rd, 1998                       


- -------------------------------------------------------------------------------

A new patch for the detection  of the SSH insertion attack published by 
CORE on June 11th. is now available at:

<http://www.core-sdi.com/ssh>
 
The new patch fixes two problems originally mentioned in
comp.security.ssh by David Jones <jonesdat_private-state.edu> 
that were found to have certain implications on the reliability of the
attack detection.

It is strongly recommended to apply the new patch.

MD5 hashes for the available files are provided
below:

 MD5 (ssh-1.2.25-core.tar.gz)   = 9cc2adf10e8c2563db1d70a24ac4b2cd
 MD5 (ssh-1.2.23-core-b.tar.gz) = 328583fc8356b96a4b3c629260685965
 MD5 (ssh-1.2.23-core-b.tar.Z)  = f8210154b07116cd70ffe77bffbc9463
 MD5 (ssh-1.2.25.tar.Z)         = 3c171a91d6eab639f6ea06e62be53b85
 MD5 (ssh-1.2.23b.patch)        = 882c36fd589a863927a8ef48d456dfef
 MD5 (ssh-1.2.25.patch)         = 57b2d84116642fd3135dc641045445df
 
 Patches apply to the original SSH distributions 1.2.23 and 1.2.25

 Additionally, a more technical description of the attack is
 provided at the same URL.
 
$Id: ssh-addenum.txt,v 1.1 1998/07/03 20:22:32 iarce Exp $
- -- 
==============================[ CORE Seguridad de la Informacion S.A. ]=======
Ivan Arce
Gerencia de Tecnologia                          Email     : ivan@core-sdi.com
Av. Santa Fe 2861 5to C                         TE        : +54-1-821-1030
CP 1425                                         FAX       : +54-1-821-1030
Buenos Aires, Argentina                         Mensajeria: +54-1-317-4157
==============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBNZ1RxfnO/LnPTgz1AQGYUgP/dqd+1cC9aLLuAgbOcYn2QaRFtuZKKiHL
58yjJPW5uYWfQB9qh5zEXEXTPc76/cNqQgY303JqWkrkIjOQ8ZG3lLqlPpBCHKRF
NIVKY5mMZBOZ6O8G1Cp4lzlaWycq2+03yKElO3wnHnJkic3+w98AF223kNLjvkmX
JAeEaYIUUzw=
=WvWJ
-----END PGP SIGNATURE-----

Next message: Ivan Arce: "ANNOUNCE: WinAudlog, centralized logfile checking"
Previous message: Michael Howard: "Re: More potential ASP problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:11 PDT