Re: Analysis of SSH crc32 compensation attack detector exploit

From: Florian Weimer (Florian.Weimerat_private-Stuttgart.DE)
Date: Mon Nov 19 2001 - 05:30:36 PST

Next message: Cabezon Aurélien: "Gallery Addon for PhpNuke remote file viewing vulnerability"

Previous message: 18C3 Crew: "CfP: 18th annual Chaos Communication Congress, Berlin, Germany"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

(nobody) writes:

> Dave Dittrich <dittrichat_private> writes:
> 
> > The analysis has been updated to reflect this, and the script
> > modified somewhat.  The most recent version can be found at:
> > 
> > 	http://staff.washington.edu/dittrich/misc/ssh-analysis.txt

On some architectures, otherwise vulnerable SSH 1.2.2x versions are
not vulnerable because word16 and word32 are the same data type
(UNICOS/mk on Cray T3E appears to be in this category, the same is
probably true for a few other supercomputers.)

-- 
Florian Weimer 	                  Florian.Weimerat_private-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

Next message: Cabezon Aurélien: "Gallery Addon for PhpNuke remote file viewing vulnerability"
Previous message: 18C3 Crew: "CfP: 18th annual Chaos Communication Congress, Berlin, Germany"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 13:09:24 PST