Bugtraq mailing list archives
Re: severe error in SSH session key recovery patch
From: Robert Varga <nite () HQ ALERT SK>
Date: Mon, 12 Feb 2001 19:57:56 +0100
On Sun, Feb 11, 2001 at 12:07:39PM -0500, Andrew Brown wrote:
-- With the patch, the lifespan of the server key still does not go below one minute. As mentioned in CORE SDI's advisory, the number of server connections necessary to carry out the attack is normally very large but "the number of connections given is for the average case and specifics cases will fall below the average". This suggests that it is not entirely out of the question for the attack to succeed within one minute. If that risk is not appropriate in one's environment, then other measures (which may include inetd/tcpserver but may also include desupporting use of SSH protocol 1.5) are needed.

    {
      static time_t last_kill_time = 0;
      if (time(NULL) - last_kill_time > 60 && getppid() != 1)
        {
          last_kill_time = time(NULL);
          kill(SIGALRM, getppid());
        }
      fatal("Bad result from rsa_private_decrypt");
    }

Am I missing something? time(NULL) returns something (other than 0, till 2036 at least ;-)), meaning (time(NULL) - last_kill_time) will be GREATER than 60 (remember - has higher priority wrt evaluation than >). That in turn assigns the current system time to last_kill_time. It is declared static, meaning it will RETAIN its value after the function returns, making the above code work perfectly for the time being (next ~30 years).

--
Kind regards,
Robert Varga
------------------------------------------------------------------------------
n () hq sk    http://hq.sk/~nite/gpgkey.txt
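
The rate-limit condition from the quoted snippet, as an added example that is not part of the original message or of the SSH patch: it replays constructed failure timestamps through the same test inside a single process. `struct throttle`, `should_signal`, `count_signals` and the sample timestamps are assumptions made here; the struct stands in for the snippet's `static` variable so that each replay starts from zero.

```c
#include <stdio.h>
#include <time.h>

#define MIN_INTERVAL 60   /* seconds, as in the quoted condition */

/* Stand-in for the snippet's function-local static; zero-initialised like it. */
struct throttle { time_t last_kill_time; };

/* The quoted condition with clock and parent pid passed in (assumption made
 * here for testability). Returns 1 where the snippet would signal the parent. */
static int should_signal(struct throttle *t, time_t now, long ppid)
{
    /* '-' binds tighter than '>', so this is (now - last) > MIN_INTERVAL */
    if (now - t->last_kill_time > MIN_INTERVAL && ppid != 1) {
        t->last_kill_time = now;
        return 1;
    }
    return 0;
}

/* Replay failure timestamps through one throttle and count the signals. */
static int count_signals(const time_t *events, int n, long ppid)
{
    struct throttle t = { 0 };
    int i, sent = 0;
    for (i = 0; i < n; i++)
        sent += should_signal(&t, events[i], ppid);
    return sent;
}

/* Constructed sample: eight decrypt failures spread over about two minutes. */
static const time_t sample[] = {
    981000000, 981000001, 981000030, 981000060,
    981000061, 981000090, 981000121, 981000122
};
#define NSAMPLE ((int)(sizeof sample / sizeof sample[0]))

int main(void)
{
    printf("signals with a live parent: %d\n", count_signals(sample, NSAMPLE, 4242));
    printf("signals when ppid is 1:     %d\n", count_signals(sample, NSAMPLE, 1));
    return 0;
}
```

The state here lives in one process for the whole replay; the example does not model how the server's processes are created or whether they share that state.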