OpenSSH is _not_ vulnerable to the several known problems in SSH-1
Markus Friedl
Markus.Friedl at informatik.uni-erlangen.de
Thu Feb 15 19:13:41 EST 2001
-----------------------------------------------------------------------
Special OpenBSD Security Note
February 14, 2001
OpenSSH is _not_ vulnerable to the several known problems in SSH-1
-----------------------------------------------------------------------
The CERT Coordination Center has published the following notes about
weaknesses in various SSH protocol version 1 implementations.
Since many people using OpenSSH are worried about these issues,
we decided to publish these notes.

1) http://www.kb.cert.org/vuls/id/565052
   "Passwords sent via SSH encrypted with RC4 can be easily cracked"

2) http://www.kb.cert.org/vuls/id/665372
   "SSH connections using RC4 and password authentication can be
   replayed"

3) http://www.kb.cert.org/vuls/id/25309
   "Weak CRC allows RC4 encrypted SSH packets to be modified without
   notice"

4) http://www.kb.cert.org/vuls/id/684820
   "SSH allows client authentication to be forwarded if encryption
   is disabled"

5) http://www.kb.cert.org/vuls/id/315308
   "Last block of IDEA-encrypted SSH packet can be changed without
   notice"

6) http://www.kb.cert.org/vuls/id/786900
   "SSH host key authentication can be bypassed when DNS is used
   to resolve localhost"

7) http://www.kb.cert.org/vuls/id/118892
   "Older SSH clients do not allow users to disable X11 forwarding"

OpenSSH is _not_ vulnerable to #1, #2 and #3 since OpenSSH does not
allow RC4 in its SSH protocol 1 implementation.

OpenSSH is _not_ vulnerable to #4 since OpenSSH does not allow
encryption to be disabled.

OpenSSH is _not_ vulnerable to #5 since OpenSSH does not support
IDEA.

OpenSSH is _not_ vulnerable to #6 since OpenSSH does not resolve
"localhost". OpenSSH uses the resolved IP-address and disables the
host key authentication for 127.0.0.1 only.

OpenSSH is _not_ vulnerable to #7 since OpenSSH permits users to
disable X11 forwarding, and this is the default configuration in
the OpenSSH client.

The SSH protocol version 2 (a.k.a. SecSH) is not affected by problems
#1, #2, #3, #4 and #5.

The OpenSSH client currently defaults to preferring the SSH-1 protocol
over the SSH-2 protocol, but the default will soon change in a future
release, since SSH-2 protocol support has improved considerably.
-----------------------------------------------------------------------
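
The localhost handling described for #6 above, as an added example that is not part of the original note and is not OpenSSH's own code: a name-based exemption beside an exemption keyed on the resolved address. All function names are hypothetical, and the addresses are constructed sample values.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <string.h>
#include <sys/socket.h>

/* Flawed pattern: trusts the *name* the user typed. If a resolver answers
 * "localhost" with a remote address, the host key check is still skipped. */
bool skip_hostkey_check_by_name(const char *hostname)
{
    return strcmp(hostname, "localhost") == 0;
}

/* Pattern the note describes: decide from the address actually connected
 * to, and exempt 127.0.0.1 only. */
bool skip_hostkey_check_by_addr(const struct sockaddr *sa)
{
    if (sa == NULL || sa->sa_family != AF_INET)
        return false;
    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
    return ntohl(sin->sin_addr.s_addr) == INADDR_LOOPBACK;
}

/* Hypothetical helper: build the sockaddr a resolver would hand back. */
bool make_ipv4(const char *dotted, struct sockaddr_in *out)
{
    memset(out, 0, sizeof(*out));
    out->sin_family = AF_INET;
    out->sin_port = htons(22);
    return inet_pton(AF_INET, dotted, &out->sin_addr) == 1;
}

/* Returns true when the host key must be verified for this connection. */
bool must_verify_hostkey(const char *resolved_ipv4)
{
    struct sockaddr_in sin;
    if (!make_ipv4(resolved_ipv4, &sin))
        return true;   /* unparsable address: never skip the check */
    return !skip_hostkey_check_by_addr((const struct sockaddr *)&sin);
}

int main(void)
{
    /* Constructed case: "localhost" answered with 192.0.2.10 (TEST-NET-1). */
    return must_verify_hostkey("192.0.2.10") ? 0 : 1;
}
```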