OpenSSH is _not_ vulnerable the several known problems in SSH-1

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Thu Feb 15 19:13:41 EST 2001


-----------------------------------------------------------------------
                
                  Special OpenBSD Security Note
                                 
                        February 14, 2001
                                 
 OpenSSH is _not_ vulnerable the several known problems in SSH-1

-----------------------------------------------------------------------

The CERT Coordination Center has published the following notes about
weaknesses in various SSH protocol version 1 implementations.

Since many people using OpenSSH are worried about these issues,
we decided to publish these notes.

1) http://www.kb.cert.org/vuls/id/565052
   "Passwords sent via SSH encrypted with RC4 can be easily cracked"

2) http://www.kb.cert.org/vuls/id/665372
   "SSH connections using RC4 and password authentication can be
   replayed"

3) http://www.kb.cert.org/vuls/id/25309
   "Weak CRC allows RC4 encrypted SSH packets to be modified without
   notice"

4) http://www.kb.cert.org/vuls/id/684820
   "SSH allows client authentication to be forwarded if encryption
   is disabled"

5) http://www.kb.cert.org/vuls/id/315308
   "Last block of IDEA-encrypted SSH packet can be changed without
   notice"

6) http://www.kb.cert.org/vuls/id/786900
   "SSH host key authentication can be bypassed when DNS is used
   to resolve localhost"

7) http://www.kb.cert.org/vuls/id/118892
   "Older SSH clients do not allow users to disable X11 forwarding"

OpenSSH is _not_ vulnerable to #1, #2 and #3 since OpenSSH does not
allow RC4 in its SSH protocol 1 implementation.

OpenSSH is _not_ vulnerable to #4 since OpenSSH does not allow
encryption to be disabled.

OpenSSH is _not_ vulnerable to #5 since OpenSSH does not support
IDEA.

OpenSSH is _not_ vulnerable to #6 since OpenSSH does not resolve
"localhost".  OpenSSH uses the resolved IP-address and disables the
host key authentication for 127.0.0.1 only.

OpenSSH is _not_ vulnerable to #7 since OpenSSH permits users to
disable X11 forwarding, and this is the default configuration in
the OpenSSH client.

The SSH protocol version 2 (a.k.a. SecSH) is not affected by problems
#1, #2, #3, #4 and #5.

The OpenSSH client currenly defaults to preferring SSH-1 protocol
over SSH-2 protocol, but in a future release the default will soon
change, since the SSH-2 protocol support has improved considerably.

-----------------------------------------------------------------------





More information about the openssh-unix-dev mailing list