[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jan 31 03:20:40 EST 2013


Ondřej Caletka <ondrej at caletka.cz> changed:

           What    |Removed                     |Added
   Attachment #2188|0                           |1
        is obsolete|                            |

--- Comment #6 from Ondřej Caletka <ondrej at caletka.cz> ---
Created attachment 2211
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2211&action=edit
Fix downgrade attack vulnerability in handling SSHFP records

Here comes a new version of the patch fixing downgrade vulnerability as
the former one did not work well after applying the „future digests“
patch. Instructions counting found DNS records are shifted after
hostkey initialization.

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list