[lug] SSH Vulnerability
Nate Duehr
nate at natetech.com
Fri Feb 9 11:17:06 MST 2001
Not sure if I trust them yet. I just wanted to get the word out and
have more eyeballs looking at the problem.
Other things I have read indicated to me that some vendors already have
fixes in current versions, others haven't responded.
Of course, this is causing a big stir at the office, so I gotta run for
now, but I'll post anything else useful I find.
On Fri, Feb 09, 2001 at 12:05:39PM -0700, Scott A. Herod wrote:
> Hi Nate,
>
> Just saw that. How does one interpret the patch by hand?
>
> --- deattack.c.orig Wed Feb 7 13:53:47 2001
> +++ deattack.c Wed Feb 7 13:54:24 2001
> @@ -79,7 +79,7 @@
> detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
> {
> static word16 *h = (word16 *) NULL;
> - static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE;
> + static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE;
> register word32 i, j;
> word32 l;
> register unsigned char *c;
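Review bot: the `static word32 n` line widens only the declaration, so every place in detect_attack() that assigns to or compares `n` still needs checking for a leftover 16-bit cast or temporary, and none of those uses are visible in this hunk. After the change `n` matches the `word32` type of `len`, `i`, `j` and `l`, while `h` stays a `word16 *`. It is worth confirming that 16-bit entries in `h` are wide enough for what is stored there. A one-line comment on the declaration saying why `n` is 32 bits would also keep a later cleanup from narrowing it again.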
>
>
> This means replace the "static word16" with "static word32", correct?
>
> Do you trust the razor.bindview.com website? There's nothing so
> far on www.cert.org or www.nipc.gov.
>
> Scott
>
> Nate Duehr wrote:
> >
> > Slashdot and other sources are reporting that there is a new published
> > exploit for pretty much all versions of SSH, not including OpenSSH
> > 2.4.0.
> >
> > The page below also details various vendor responses with F-Secure being
> > the worst. (No response at all so far back to the reporting party.)
> >
> > Here's the people reporting it:
> >
> > http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
> >
> > --
> > Nate Duehr <nate at natetech.com>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
--
Nate Duehr <nate at natetech.com>
GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.