On Fri, 26 Oct 2001, Franklin DeMatto wrote:

> all this talk of an sshd vulnerability has made my head spin... are we
> talking about the (old) detect crc attack
> typemismatch->malloc(0)/realloc(0) vulnerability - and just finding a
> decent exploit for this - or has a new sshd vulnerability been
> discovered. If a new vuln *has* been found, please, speak up, what is
> it and which versions of sshd are vulnerable?

hi frank, it's the crc32 compensation attack, but the compensation in the fix was vulnerable to a very subtle bug. detailed by the illustrious zalewski (at bindview):

http://razor.bindview.com/publish/advisories/adv_ssh1crc.html

from the advisory:

** Vulnerable:

  SSH 1.2.24 - 1.2.31 (ssh.com) -- all versions to date of release of this advisory
  F-SECURE SSH 1.3.x -- all recent releases
  OpenSSH prior to 2.3.0 (unless SSH protocol 1 support is disabled)
  OSSH 1.5.7 (by Bjoern Groenvall)
  and other ssh1/OpenSSH derived daemons

** Not vulnerable:

  SSH2 (ssh.com): all 2.x releases
    NOTE: SSH2 installations with SSH1 fallback support are vulnerable
  OpenSSH 2.3.0 (problem fixed)
  SSH 1.2.32 (ssh.com, released 10/22/2001)
  SSH1 releases prior to 1.2.24 (vulnerable to crc attacks)
  Cisco SSH (own implementation)
  LSH (SSH protocol 1 not supported)

** Other SSH daemons: not tested

i hope this helps.

____________________________
jose nazario joseat_private
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
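An added example (not part of the post or the Bindview advisory) that turns the advisory's version table above into an inventory check over SSH server banners. It assumes the standard `SSH-<proto>-<software>` banner form, that OpenSSH reports itself as `OpenSSH_x.y.z`, and that ssh.com/F-Secure 1.x daemons report a bare `x.y.z`; the sample banners are constructed.

```python
import re

# Verdicts derived from the advisory's version list quoted in the post.
VULNERABLE, FIXED, NO_SSH1 = "vulnerable", "fixed", "no-ssh1"
OLD_CRC_ONLY, CHECK_FALLBACK, UNKNOWN = "old-crc-only", "check-fallback", "unknown"

BANNER_RE = re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<software>\S+)")


def parse_version(text):
    """'2.2.0p1' -> (2, 2, 0): numeric components only, for tuple comparison."""
    return tuple(int(x) for x in re.findall(r"\d+", text)[:3])


def speaks_ssh1(proto):
    # "1.5" is protocol 1 only, "1.99" offers both; "2.0" is protocol 2 only.
    return proto.startswith("1.")


def assess(banner):
    """Classify one server banner against the advisory's vulnerable/fixed ranges."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return UNKNOWN
    proto, software = m.group("proto"), m.group("software")
    if not speaks_ssh1(proto):
        return NO_SSH1                      # bug lives only in the SSH1 code path
    if software.startswith("OpenSSH_"):     # assumed banner form for OpenSSH
        return VULNERABLE if parse_version(software[8:]) < (2, 3, 0) else FIXED
    if re.fullmatch(r"\d+\.\d+\.\d+", software):   # assumed bare-version form (ssh.com / F-Secure)
        v = parse_version(software)
        if (1, 2, 24) <= v <= (1, 2, 31) or v[:2] == (1, 3):
            return VULNERABLE
        if (1, 2, 32) <= v < (2, 0, 0):
            return FIXED
        if v >= (2, 0, 0):
            return CHECK_FALLBACK           # ssh2 with SSH1 fallback: inspect the sshd1 it hands off to
        return OLD_CRC_ONLY                 # pre-1.2.24: no compensation code, original crc attack applies
    return UNKNOWN


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for b in ["SSH-1.99-OpenSSH_2.2.0p1", "SSH-1.5-1.2.27", "SSH-2.0-OpenSSH_2.9"]:
        print(b, "->", assess(b))
```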
This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 10:43:28 PDT