[lug] SSH Vulnerability
Timothy C. Klein
teece at silverklein.net
Mon Feb 12 19:03:56 MST 2001
You know, I had a couple of these too,
No idea why.
Tim
On Mon, Feb 12, 2001 at 01:34:36PM -0700, D. Stimits wrote:
> This is another mysterious failure message. I don't know what part got
> through to where. It seems somewhat like mail sent from BLUG that
> bounces going to an individual is being sent to me as well. Very
> strange.
>
>
> postmaster at mail.penton.com wrote:
> >
> > Delivery Failure Report
> >
> > Your Re: [lug] SSH Vulnerability
> > document:
> >
> > was not pjanett at healthwell.com
> > delivered to:
> >
> > because: Host connect failed - destination host not responding
> >
> >
> > SFA_Notes4/Penton, SFA_Notes4/Penton, SFA_Notes4/Penton.mail.penton.com(SMTP,
> > SFA_Notes4/Penton
> >
> > ________________________
> >
> > To: lug at lug.boulder.co.us
> > cc:
> > From: SFA_Notes4/Penton
> > Date: 02/09/2001 11:29:03 PM GMT
> > Subject: Re: [lug] SSH Vulnerability
> >
> > "Scott A. Herod" wrote:
> > >
> > > Hi Nate,
> > >
> > > Just saw that. How does one interpret the patch by hand?
> > >
> > > --- deattack.c.orig Wed Feb 7 13:53:47 2001
> > > +++ deattack.c Wed Feb 7 13:54:24 2001
> > > @@ -79,7 +79,7 @@
> > > detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
> > > {
> > > static word16 *h = (word16 *) NULL;
> > > - static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE;
> > > + static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE;
> > > register word32 i, j;
> > > word32 l;
> > > register unsigned char *c;
> > >
> > > This means replace the "static word16" with "static word32", correct?
> > >
> > > Do you trust the razor.bindview.com website? There's nothing so
> > > far on www.cert.org or www.nipc.gov.
> > >
> > > Scott
> > >
> > > Nate Duehr wrote:
> > > >
> > > > Slashdot and other sources are reporting that there is a new published
> > > > exploit for pretty much all versions of SSH, not including OpenSSH
> > > > 2.4.0.
> > > >
> > > > The page below also details various vendor responses with F-Secure being
> > > > the worst. (No response at all so far back to the reporting party.)
> > > >
> > > > Here's the people reporting it:
> > > >
> > > > http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
> > > >
> > > > --
> > > > Nate Duehr <nate at natetech.com>
> >
> > FYI, I looked at the deattack.c patch posted at:
> > http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
> >
> > And compared one portion of that file (deattack.c) to the "portable"
> > source distributed at a USA mirror listed by www.openssh.org, and found
> > one of the patch changes had been applied (for version 2.3.0p1). I did
> > not check if all changes listed were applied, but the 2.3.0p1 that I
> > have does use at least part of the patch listed. So at least some
> > portion of this published patch is accepted for 2.3.0p1.
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
--
===================================================================
== Timothy Klein || And what rough beast ==
== teece at hypermall.net || Its hour come round at last ==
== Aufwiedersehen! || Slouches towards Bethlehem to be born? ==
== Aufwiedersehen! || The beast of Redmond, nothing more. ==
===================================================================
More information about the LUG
mailing list