Notified: December 09, 2001 Updated: June 07, 2002
Affected
Markus Friedl of OpenSSH writes: "OpenSSH-2.2.0 and later fix this problem by imposing a limit to the numbers of allowed connections. Versions earlier than 2.3.0 should not be used, because the suffer the CRC32 bug. "Later versions of OpenSSH (2.5.* and later) add additional countermeasures (like not calling fatal() on RSA operation failures and adding random cookies for each new generated server key, see the source for defails)."
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: December 09, 2001 Updated: June 12, 2002
Unknown
Tatu Ylonen of SSH Communications Security writes: "SSH1 has been officially deprecated for some time now. I strongly urge all users to switch to the latest SSH Secure Shell (or generally to the version 2 of the Secure Shell protocol). The version 1.x protocol suffers from many security problems. "I do, however, have reason to believe that the issue reported here may be a fluke. There was discussion about the Bleisenbacher attack against SSH1 some years ago (after the attack became public), and the general conclusion at that time was that it didn't affect Secure Shell. The session key in SSH1 is encrypted TWICE, once by the server key, and once by the host key. To decrypt the session key, one would need to be able to determine BOTH the server key and the host key. I am not aware of a variant of the Bleisenbacher attack that would do this.... "As a fix, I would add upgrading to the lastest version (ssh-3.1.2, or ssh-1.2.33 if one insists on using the deprecated 1.x protocol)."
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.