Security Incidents mailing list archives
Re: Attacks against SSH?
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Wed, 5 Dec 2001 15:51:53 +1300 (NZDT)
On Tue, 4 Dec 2001 17:16:22 -0500 (EST) Michal Zalewski <lcamtuf () coredump cx> wrote:
On Tue, 4 Dec 2001, Jason Baker wrote:I took a quick look around and didn't see the exploit code, is there anyone who can confirm if debian with ssh 1:1.2.3-9.2 is vulnerable? (Or point me at the exploit and I'll test myself)You can test for the vulnerability in rather trivial way, as described in our original advisory. You need to use OpenSSH client that does not truncate usernames, and then try the following: ssh -l`perl -e '{print "A"x90000}'` someserver -v If the connection is dropped with no error message (and the daemon dies with signal 11) after establishing a connection and exchanging keys but before password prompt, you are vulnerable. If it gives you password prompt, you are not vulnerable.
Thanks for the handy test! I can confirm that the *updated* debian package with SSH-1.5-OpenSSH-1.2.3 in not vulnerable: bluebottle:~ >ssh -l`perl -e '{print "A"x90000}'` 130.216.yyy.xxx Word too long. bluebottle:~ >src/scanssh/scanssh 130.216.yyy.xxx 130.216.yyy.xxx SSH-1.5-OpenSSH-1.2.3 Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Attacks against SSH? johan . augustsson (Dec 03)
- Re: Attacks against SSH? Aaron Schultz (Dec 03)
- Re: Attacks against SSH? f.johan.beisser (Dec 03)
- Re: Attacks against SSH? johan . augustsson (Dec 04)
- Re: Attacks against SSH? Jordan K Wiens (Dec 04)
- Re: Attacks against SSH? Dave Dittrich (Dec 04)
- Re: Attacks against SSH? Jason Baker (Dec 04)
- Re: Attacks against SSH? Michal Zalewski (Dec 04)
- Re: Attacks against SSH? Russell Fulton (Dec 04)
- Re: Attacks against SSH? Przemyslaw Frasunek (Dec 05)
- Re: Attacks against SSH? johan . augustsson (Dec 04)
- Re: Attacks against SSH? f.johan.beisser (Dec 04)
- SSH1 CRC32 Compensation Attacks Armando B. Ortiz (Dec 10)
- Re: SSH1 CRC32 Compensation Attacks Andreas Östling (Dec 10)
- Re: SSH1 CRC32 Compensation Attacks Armando Ortiz (Dec 10)
- Re: Attacks against SSH? Steven S (Dec 03)
- Re: Attacks against SSH? Adam Manock (Dec 04)