Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

From: Lucian Hudin (luciat_private)
Date: Mon Jul 23 2001 - 09:08:32 PDT


    >
    > >A quick glance at the source code suggests that SSH 2.3.0 and
    > >2.4.0 have the same problem.  Is this true?
    >
    > I suppose we are talking about this section of ssh 2.4.0's
    > sshunixuser.c:
    >
    >   /* Authentication is accepted if the encrypted passwords are identical. */
    > #ifdef HAVE_HPUX_TCB_AUTH
    >   return strncmp(encrypted_password, correct_passwd,
    >                  strlen(correct_passwd)) == 0;
    > #else /* HAVE_HPUX_TCB_AUTH */
    >   return strcmp(encrypted_password, correct_passwd) == 0;
    > #endif /* HAVE_HPUX_TCB_AUTH */
    >
    > If I read this correctly, it's certainly not a problem unless ssh is
    > compiled with HAVE_HPUX_TCB_AUTH defined.  In that case, it may or
    
    The Linux compile at least doesn't #define HAVE_HPUX_TCB_AUTH, so
    sshd 2.4.0 is not vulnerable on Linux.
    
    Luci
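
The two branches quoted above behave differently when the stored password field is shorter than the computed hash. The following is an added example, not part of the original message or of the SSH source: it puts both comparisons side by side on constructed strings, and `match_strict` is a hypothetical stricter check included for contrast.

```c
#include <stdio.h>
#include <string.h>

/* Comparison from the HAVE_HPUX_TCB_AUTH branch: only the first
 * strlen(stored) bytes of the computed value are examined, so a short
 * or empty stored field is treated as a matching prefix. */
static int match_prefix(const char *computed, const char *stored)
{
    return strncmp(computed, stored, strlen(stored)) == 0;
}

/* Comparison from the #else branch: the whole strings must be identical. */
static int match_full(const char *computed, const char *stored)
{
    return strcmp(computed, stored) == 0;
}

/* Hypothetical stricter check (an assumption, not SSH code): refuse an
 * empty stored field and any length mismatch before comparing bytes. */
static int match_strict(const char *computed, const char *stored)
{
    size_t n = strlen(stored);

    if (n == 0 || n != strlen(computed))
        return 0;
    return memcmp(computed, stored, n) == 0;
}

int main(void)
{
    /* Constructed sample values, not real password hashes. */
    const char *computed = "abCONSTRUCTED";
    const char *stored[] = { "abCONSTRUCTED", "ab", "", "abCONSTRUCTEE" };
    size_t i;

    printf("%-16s %-7s %-5s %-6s\n", "stored field", "prefix", "full", "strict");
    for (i = 0; i < sizeof(stored) / sizeof(stored[0]); i++)
        printf("%-16s %-7d %-5d %-6d\n",
               stored[i][0] ? stored[i] : "(empty)",
               match_prefix(computed, stored[i]),
               match_full(computed, stored[i]),
               match_strict(computed, stored[i]));
    return 0;
}
```

Only the prefix comparison accepts the short and empty stored fields; the `strcmp` branch used by the Linux build rejects both.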
    



    This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 09:36:47 PDT